Re: SSL and IPv6 when using address to set a specific IP
On Mon, Mar 5, 2018 at 10:35 AM, Mark Thomas wrote:
> On 05/03/18 15:00, Mark Thomas wrote:
>> On 05/03/18 02:02, Rick Trudeau wrote:
>>> Hi,
>>> I'm having some problems using SSL on my connector when binding it to
>>> a specific IPv6 address.
>>> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.
>
>>> 05-Mar-2018 01:11:11.724 WARNING [main]
>>> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
>>> generate a valid JMX object name for the SSLHostConfig associated
>>> withhost [_default_]
>>> javax.management.MalformedObjectNameException: Invalid character ':'
>>> in value part of property
>
>>> Has anyone had any success binding to a specific IPv6 literal address
>>> when using SSL?
>>
>> Ah. That looks like a bug generating the MBean name from the address
>> attribute. Let me take a look.
>
> The good news is that that error shouldn't stop the TLS connector
> working although it won't be exposed via JMX.
>
> I've fixed this but unfortunately the next set of releases were tagged
> this morning so the fix won't be available until 9.0.7 / 8.5.30 which -
> unless the current releases fail for some reason - most likely won't be
> available until early next month.
>
> Mark
>

Well that's certainly a quick turnaround! Thanks for your help with this
Mark, we'll keep our eyes open for 8.5.30.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and IPv6 when using address to set a specific IP
On 05/03/18 15:00, Mark Thomas wrote:
> On 05/03/18 02:02, Rick Trudeau wrote:
>> Hi,
>> I'm having some problems using SSL on my connector when binding it to
>> a specific IPv6 address.
>> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.
>> 05-Mar-2018 01:11:11.724 WARNING [main]
>> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
>> generate a valid JMX object name for the SSLHostConfig associated
>> withhost [_default_]
>> javax.management.MalformedObjectNameException: Invalid character ':'
>> in value part of property
>> Has anyone had any success binding to a specific IPv6 literal address
>> when using SSL?
>
> Ah. That looks like a bug generating the MBean name from the address
> attribute. Let me take a look.

The good news is that that error shouldn't stop the TLS connector
working although it won't be exposed via JMX.

I've fixed this but unfortunately the next set of releases were tagged
this morning so the fix won't be available until 9.0.7 / 8.5.30 which -
unless the current releases fail for some reason - most likely won't be
available until early next month.

Mark
Re: SSL and IPv6 when using address to set a specific IP
On 05/03/18 02:02, Rick Trudeau wrote:
> Hi,
> I'm having some problems using SSL on my connector when binding it to
> a specific IPv6 address.
> I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.
>
> My connector config looks like this:
> maxThreads="150"
> scheme="https"
> secure="true"
> SSLEnabled="true"
> keystoreFile="/opt/keystore/keystore"
> keystorePass="secret"
> clientAuth="false"
> keyAlias="myAlias"
> sslProtocol="TLS"
> address="fe80::a00:27ff:fe13:ca0d"/>
>
> catalina.out shows this exception immediately after startup. I think
> it indicates there are some parsing errors when parsing the IPv6
> address.
>
> 05-Mar-2018 01:11:11.141 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-jsse-nio-fe80:0:0:0:a00:27ff:fe13:ca0d-8443"]
> 05-Mar-2018 01:11:11.709 INFO
> [main]org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
> Using a shared selector for servlet write/read
> 05-Mar-2018 01:11:11.724 WARNING [main]
> org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
> generate a valid JMX object name for the SSLHostConfig associated
> withhost [_default_]
> javax.management.MalformedObjectNameException: Invalid character ':'
> in value part of property
> at javax.management.ObjectName.construct(ObjectName.java:618)
> at javax.management.ObjectName.<init>(ObjectName.java:1382)
> at org.apache.tomcat.util.net.AbstractEndpoint.registerJmx(AbstractEndpoint.java:1105)
> at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1095)
> at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
> at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
> at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)
>
> If I remove address attribute to allow binding on all interfaces,
> things are good. But my use case, however, requires binding to a
> specific IPv6 address.
> Since these SSL attributes are deprecated from what I've read, I've
> also tried moving the SSL configs to the newer SSLHostConfig block,
> but the same error remains.
>
> Has anyone had any success binding to a specific IPv6 literal address
> when using SSL?

Ah. That looks like a bug generating the MBean name from the address
attribute. Let me take a look.

Mark
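The warning in this thread follows from the JMX ObjectName syntax: an unquoted property value may not contain ':', which every IPv6 literal does, while an IPv4 literal passes. The sketch below is an added example, not code from the thread or from Tomcat; the `Example` domain, the key names and the class name are assumptions for illustration, and `ObjectName.quote()` is shown as one way to make such a value legal, not as the change that went into 9.0.7 / 8.5.30.

```java
import javax.management.MalformedObjectNameException;
import javax.management.ObjectName;

public class Ipv6ObjectNameDemo {

    // Hypothetical name layout for illustration; the domain and keys are
    // assumptions, not the ObjectName that Tomcat itself registers.
    static ObjectName unquoted(String address, int port) throws MalformedObjectNameException {
        return new ObjectName("Example:type=TlsEndpoint,port=" + port + ",address=" + address);
    }

    // Same layout, but the address goes through ObjectName.quote(), which wraps
    // it in double quotes and escapes the characters that are special inside a
    // quoted value. A quoted value may contain ':' as well as ',' and '='.
    static ObjectName quoted(String address, int port) throws MalformedObjectNameException {
        return new ObjectName("Example:type=TlsEndpoint,port=" + port
                + ",address=" + ObjectName.quote(address));
    }

    public static void main(String[] args) throws Exception {
        String ipv4 = "192.0.2.10";                     // constructed sample address
        String ipv6 = "fe80:0:0:0:a00:27ff:fe13:ca0d";  // form shown in the catalina.out log

        // An IPv4 literal has no reserved characters, so the unquoted form parses.
        System.out.println("IPv4 unquoted: " + unquoted(ipv4, 8443));

        // The IPv6 literal contains ':', which is reserved in an unquoted value.
        try {
            unquoted(ipv6, 8443);
            System.out.println("IPv6 unquoted: accepted");
        } catch (MalformedObjectNameException e) {
            System.out.println("IPv6 unquoted: rejected: " + e.getMessage());
        }

        // Quoting makes the same address a legal property value, and unquote()
        // gives back the original string to anything that reads the name.
        ObjectName ok = quoted(ipv6, 8443);
        String roundTrip = ObjectName.unquote(ok.getKeyProperty("address"));
        System.out.println("IPv6 quoted:   " + ok);
        System.out.println("Round trip matches: " + ipv6.equals(roundTrip));
    }
}
```

Because registration fails only for the MBean, the listener still serves TLS; monitoring that enumerates MBeans to inventory TLS endpoints will not see the affected connector's SSLHostConfig on releases before the fix.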
SSL and IPv6 when using address to set a specific IP
Hi,
I'm having some problems using SSL on my connector when binding it to a specific IPv6 address.
I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.

My connector config looks like this:

catalina.out shows this exception immediately after startup. I think it indicates there are some parsing errors when parsing the IPv6 address.

05-Mar-2018 01:11:11.141 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-jsse-nio-fe80:0:0:0:a00:27ff:fe13:ca0d-8443"]
05-Mar-2018 01:11:11.709 INFO [main]org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
05-Mar-2018 01:11:11.724 WARNING [main] org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to generate a valid JMX object name for the SSLHostConfig associated withhost [_default_]
javax.management.MalformedObjectNameException: Invalid character ':' in value part of property
    at javax.management.ObjectName.construct(ObjectName.java:618)
    at javax.management.ObjectName.<init>(ObjectName.java:1382)
    at org.apache.tomcat.util.net.AbstractEndpoint.registerJmx(AbstractEndpoint.java:1105)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1095)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)

If I remove address attribute to allow binding on all interfaces, things are good. But my use case, however, requires binding to a specific IPv6 address.
Since these SSL attributes are deprecated from what I've read, I've also tried moving the SSL configs to the newer SSLHostConfig block, but the same error remains.

Has anyone had any success binding to a specific IPv6 literal address when using SSL?