Hi,

I have a wrapper connector class:

public HTTPConnector(int port, String keystoreFile, String password,
            int maxKeepAliveRequests, int maxThreads, int connectionTimeout, Logger logger)
            throws Exception
    {
        myLogger = logger;
        this.keyStoreFile = keystoreFile;
        this.keyStorePassword = password;

        if( maxKeepAliveRequests != 0 && maxKeepAliveRequests >= -1 )
        {
            IntrospectionUtils.setProperty( this, "maxKeepAliveRequests", String.valueOf( maxKeepAliveRequests ) );
        }

        if( maxThreads > 0 )
        {
            IntrospectionUtils.setProperty( this, "maxThreads", String.valueOf( maxThreads ) );
        }

        InetAddress address = null;
        try
        {
            if( keystoreFile != null )
            {
                String cipherSet = System.getProperty("https.cipher.set");

                setSecure( true );

                if( myLogger.isLoggable( Level.FINER ) ) myLogger.finer( "EmbeddedTomcat using HTTPS and cipher sets " + cipherSet );
                setScheme( "https" );

                try
                {
                    // Added TLS since there is a bug in Tomcat 5.5.9. No default protocol is set.
                    IntrospectionUtils.setProperty( this, "sslProtocol", "TLS" );
                    IntrospectionUtils.setProperty( this, "keystore", keyStoreFile );
                    IntrospectionUtils.setProperty( this, "keypass", keyStorePassword );
                    IntrospectionUtils.setProperty( this, "SSLEnabled", "true" );
                    if(cipherSet != null && !cipherSet.equalsIgnoreCase("")){
                        IntrospectionUtils.setProperty( this, "ciphers", cipherSet );
                    }
                }
                catch( Exception exception )
                {
                    myLogger.severe( "Could not load SSL server socket factory." );
                    throw new Exception( "Could not load SSL server socket factory." );
                }
            }
            else
            {
                setSecure( false );
            }

            address = InetAddress.getLocalHost();
            if( address != null )
            {
                IntrospectionUtils.setProperty( this, "address", "" + address );
            }
            IntrospectionUtils.setProperty( this, "port", "" + port );
            IntrospectionUtils.setProperty( this, "connectionTimeout", String.valueOf((connectionTimeout * 1000)) );
        }
        catch( Exception exception )
        {
            myLogger.severe( "Exception occurred while making HTTP Connector. " );
            throw new Exception( "Exception occurred while making HTTP Connector. " );
        }

        try
        {
            setEnableLookups( false );
        }
        catch( Exception exception )
        {
            myLogger.severe( "Exception occurred while enabling lookups. " );
            throw new Exception( "Exception occurred while enabling lookups. " );
        }
    }

and I attach it to the container by:

Embedded embedded = new Embedded();

embedded.addConnector( connector );
connector.start();

and I call embedded.start(); during initialization, so I have the Tomcat running.

Chris, "cipherSet" is a configurable parameter. I am usually using 
TLS_DHE_RSA_WITH_AES_128_CBC_SHA for testing purposes.

Thanks!

Chirag
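
One way to check the value of https.cipher.set before it is handed to the connector's "ciphers" property, so that a misspelled or unsupported suite name can be ruled out. This is an added example and not part of the original message or of Tomcat; the class name CipherSetCheck, the method usableSuites and the sample value are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class CipherSetCheck {   // hypothetical helper, not a Tomcat class

    /** Returns the requested suites this JVM's "TLS" context supports, in request order. */
    static List<String> usableSuites(String cipherSet, List<String> rejected) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");  // same protocol name as sslProtocol above
        ctx.init(null, null, null);                      // default managers; only suite names matter here
        Set<String> supported = new HashSet<String>(
                Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));

        List<String> usable = new ArrayList<String>();
        if (cipherSet == null) return usable;
        for (String name : cipherSet.split(",")) {       // "ciphers" is a comma-separated list
            String suite = name.trim();
            if (suite.isEmpty()) continue;
            if (supported.contains(suite)) usable.add(suite);
            else rejected.add(suite);                    // unknown to this JVM: typo or unsupported
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value: the suite named in the message plus a deliberately misspelled one.
        String cipherSet = System.getProperty("https.cipher.set",
                "TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHAA");
        List<String> rejected = new ArrayList<String>();
        List<String> usable = usableSuites(cipherSet, rejected);
        System.out.println("usable:   " + usable);
        System.out.println("rejected: " + rejected);
        if (usable.isEmpty()) {
            // Fail at startup rather than on the first handshake.
            throw new IllegalStateException("https.cipher.set names no suite this JVM supports");
        }
    }
}
```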




On Wednesday, 9 October 2013 7:17 PM, Christopher Schultz 
<ch...@christopherschultz.net> wrote:
 

Chirag,

On 10/9/13 8:39 AM, Chirag Dewan wrote:
> The first request after the Server is started gets rejected.

Interesting.

> I am setting my connector as follows:
> 
> IntrospectionUtils.setProperty( this, "sslProtocol", "TLS" );
> IntrospectionUtils.setProperty( this, "keystore", keyStoreFile );
> IntrospectionUtils.setProperty( this, "keypass", keyStorePassword );
> IntrospectionUtils.setProperty( this, "SSLEnabled", "true" );
> IntrospectionUtils.setProperty( this, "ciphers", cipherSet );
> 
> This is my connector configuration. I am now setting cipher, as you
> can see. And it is selecting the specified cipher, so that way I
> can limit the cipher sets to be selected by Server.

What is the value of "cipherSet"?

Perhaps you could share some /more/ code... the above for instance
doesn't show how you initialize the connector, attach it to the
container, etc.

-chris