https://bz.apache.org/bugzilla/show_bug.cgi?id=67675
--- Comment #18 from ggar <ggarabedian.g...@gmail.com> --- Is it expected for PEM cert/key created with OpenSSL 1.0.2zh (or any 1.0.2) to stop working after this change? It seems to work fine with items generated through OpenSSL 1.1.1. Here's an example of the command we use: openssl req -new -sha256 -x509 -out servercert.pem -keyout serverkey.pem -subj /"/CN=localhost" -days 90 -passout pass:test I'm seeing the following error after upgrading to 9.0.83: 13-Dec-2023 02:04:34.337 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector["https-openssl-apr-443"]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1011) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:554) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1039) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:127) at org.apache.catalina.startup.Catalina.load(Catalina.java:724) at org.apache.catalina.startup.Catalina.load(Catalina.java:746) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:307) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477) Caused by: java.lang.IllegalArgumentException: The pseudo random function with DER encoded OID of [2a864886f70d0307] was not recognised at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:467) at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:433) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1332) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1345) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:654) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:75) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009) ... 13 more Caused by: java.security.NoSuchAlgorithmException: The pseudo random function with DER encoded OID of [2a864886f70d0307] was not recognised at org.apache.tomcat.util.net.jsse.PEMFile$Part.toPrivateKey(PEMFile.java:411) at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:213) at org.apache.tomcat.util.net.jsse.PEMFile.<init>(PEMFile.java:141) at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:355) at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:108) at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:268) at org.apache.tomcat.util.net.AprEndpoint.createSSLContext(AprEndpoint.java:465) ... 19 more 13-Dec-2023 02:04:34.352 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [2478] milliseconds The thrown error seems to have been added with this fix and that's why I'm writing here. That's my first post so I'm sorry if I should be opening a new report instead (couldn't find anything specific in the guidelines). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org