Hi All, We could finally mange through this. Somehow, the SSLEngine attribute was set as "off" in the AprLifecycleListener which did not allow OpenSSL implementation to work.
This is resolved now. Thanks Neha On Mon, Jun 5, 2017 at 1:27 PM, Neha Munjal <neha.munj...@gmail.com> wrote: > Hi, > > We tried the following configuration, but it still fails with the same > error: > > <Connector port="8443" > address=xxxx > protocol="org.apache.coyote.http11.Http11NioProtocol" > SSLEnabled="true" > maxThreads="150" keyAlias="interact7-priv" > scheme="https" > secure="true" > clientAuth="false" > sslProtocol="TLS"> > <SSLHostConfig hostName=xxxx> > <Certificate certificateKeyAlias=xxx > certificateKeystoreFile=xxxx > certificateKeystorePassword=xxxxx /> > </SSLHostConfig> > </Connector> > > Thanks > Neha > > On Mon, Jun 5, 2017 at 11:53 AM, Hassan Khan <hassankhan...@gmail.com> > wrote: > >> Hi, >> >> we had a different problem with Nio : >> <Connector port="443" protocol="org.apache.coyote.ht >> tp11.Http11NioProtocol" >> ====> Non-blocking connector >> maxThreads="200" SSLEnabled="true" compression="on" >> minSpareThreads="25" maxSpareThreads="75" >> enableLookups="false" connectionTimeout="-1" >> scheme="https" secure="true"> >> >> <SSLHostConfig honorCipherOrder="false" > >> <Certificate certificateKeystoreFile="XXX" >> certificateKeystorePassword="XXX" >> certificateKeyAlias="localhost" >> type="RSA" /> >> </SSLHostConfig> >> </Connector> >> >> so we changed to APR as below and everything worked great : >> <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" >> port="443" clientAuth="false" sslProtocol="TLS" >> SSLEnabled="true" maxThreads="150" scheme="https" secure="true" >> SSLCertificateFile="ABC.crt" >> SSLCertificateKeyFile="TRE.key" >> SSLEngine="on" SSLVerifyDepth="2" >> /> >> >> But your may be different issue... >> >> Thanks >> Hassan >> >> On Mon, Jun 5, 2017 at 1:30 PM, Neha Munjal <neha.munj...@gmail.com> >> wrote: >> >> > Hi Chris, >> > >> > Please find below our Connector information: >> > >> > <Connector port="8443" >> > >> > address=xxxxxxxxxx >> > >> > protocol="org.apache.coyote.http11.Http11NioProtocol" >> > >> > SSLEnabled="true" >> > >> > maxThreads="150" >> > >> > keyAlias=xxxxxxxxx >> > >> > keystoreFile=xxxxxxxxxx keystorePass=xxxxxxxxx >> > >> > scheme="https" >> > >> > secure="true" >> > >> > clientAuth="false" >> > >> > sslProtocol="TLS" /> >> > >> > >> > Also found this link that talks about different SSL implementations >> that we >> > can configure: >> > >> > >> > https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html >> > >> > >> > Our installation uses APR and we have openssl102 installed. I think the >> > connector configuration requires changes. >> > >> > >> > Thanks >> > >> > Neha >> > >> > >> > >> > On Mon, Jun 5, 2017 at 7:58 AM, Christopher Schultz < >> > ch...@christopherschultz.net> wrote: >> > >> > > -----BEGIN PGP SIGNED MESSAGE----- >> > > Hash: SHA256 >> > > >> > > >> > > >> > > Neha, >> > > >> > > On 6/2/17 5:36 PM, Neha Munjal wrote: >> > > > We have been trying to start Apache Tomcat 8.5.14 (JDK version >> > > 8.0_121-b13) >> > > > and land into the following error: >> > > > >> > > > # >> > > > >> > > > # A fatal error has been detected by the Java Runtime Environment: >> > > > # # SIGSEGV (0xb) at pc=0x00007fafaa9ad123, pid=590, >> > > tid=0x00007fb095cdc700 >> > > > # # JRE version: Java(TM) SE Runtime Environment (8.0_121-b13) >> > > > (build 1.8.0_121-b13) >> > > > >> > > > # Java VM: Java HotSpot(TM) 64-Bit Server VM (25.121-b13 mixed >> > > > mode linux-amd64 compressed oops) >> > > > >> > > > # Problematic frame: >> > > > >> > > > # C [libapr-1.so.0+0x25123] apr_threadkey_private_set+0x3 >> > > >> > > >> > > Hmm... I've not seen this one before. >> > > >> > > Can you please post your <Connector> configuration (with any secrets >> > > removed)? >> > > >> > > - -chris >> > > >> > > -----BEGIN PGP SIGNATURE----- >> > > Comment: GPGTools - http://gpgtools.org >> > > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> > > >> > > iQIcBAEBCAAGBQJZNXF8AAoJEBzwKT+lPKRYZjYP/jgD5WziGLxS6FzHBX9bkkKZ >> > > NeNVsi0PZZDRBmdKdcudeHYHsW4gqNNfYHIakcWYhS5f7fSJx6cgJrC550OSL5mU >> > > Wzeqe7gTBmju2L9YcM9TJwITS7X+FvpaGv+y4tCcjGyHNwB1Se0N1bHasRZYo8DR >> > > lg7rAAtPKfzBaeMlf6JcHGK2+K/3sXzGL0oAAyWG3j5jzE1IYl5hiV/oQtNKwZ7K >> > > l6YzL0/tx9jpiuRFRhHPkPJh2fYUP6ZQ5I8J12fjjeKWgiCepJvwuLKgQ9uDwYrB >> > > Bz0mrc8hQSvMTbIx5bVrRVmMmJiofTcL81H3QE9BN5/yFk+CrCwvmt8E/w25/PoP >> > > tfZ4fbcDJ2U4tA2BDbXL/oOpl3TtcDh8kzZadWa6hZBfEjgsoyXJD9MJ4QHtrjql >> > > FHLx0SYCasAwpNNGM2TZ3rvXEWEoWh+thRkxN1oe6ysmVqKgT7y7JO2fjPRXNQ+x >> > > PP6DouWUAItXTxa4Rzom7Pu9o8YkxJ10GU6U7hAKI8JzVpSiifOttMy/QWV02Rpx >> > > th4+SOhzkjgsecTFzK9vsdM1M0MTHVsyNyrj1iRilt0eHonYiTmq9NfmKvskIgqi >> > > QaOdO5Ykd2YCHroF8qtVmr559Z84XOyaqOzjeyz8pgCaRtamHNGXdm6UGdfv7QjZ >> > > /AEW3TdCWPHVOr3xmdgq >> > > =4rJc >> > > -----END PGP SIGNATURE----- >> > > >> > > --------------------------------------------------------------------- >> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> > > For additional commands, e-mail: users-h...@tomcat.apache.org >> > > >> > > >> > >> >> >> >> -- >> Hassan Khan >> > >
