Chirag,

I have a bunch of non-SSL-related questions about your code.

On 10/9/13 9:59 AM, Chirag Dewan wrote:
> I have a wrapper connector class :
>
> public HTTPConnector(int port, String keystoreFile, String password,
>         int maxKeepAliveRequests, int maxThreads, int connectionTimeout,
>         Logger logger) throws Exception {
>     myLogger = logger;
>     this.keyStoreFile = keystoreFile;
>     this.keyStorePassword = password;
>
>     if( maxKeepAliveRequests != 0 && maxKeepAliveRequests >= -1 ) {
>         IntrospectionUtils.setProperty( this, "maxKeepAliveRequests",
>                 String.valueOf( maxKeepAliveRequests ) );
>     }

What's wrong with calling
this.setMaxKeepAliveRequests(maxKeepAliveRequests)? It seems like you
have way more code than necessary in this class.

>     if( keystoreFile != null ) {
>         String cipherSet = System.getProperty("https.cipher.set");
>
>         setSecure( true );

Here, you're using this.setSecure(true) instead of using
IntrospectionUtils. Why some settings via IntrospectionUtils and others
with direct method calls?

>         setScheme( "https" );
>
>         try {
>             // Added TLS since there is a bug in Tomcat 5.5.9. No default
>             // protocol is set.
>             IntrospectionUtils.setProperty( this, "sslProtocol", "TLS" );
>             IntrospectionUtils.setProperty( this, "keystore", keyStoreFile );
>             IntrospectionUtils.setProperty( this, "keypass", keyStorePassword );
>             IntrospectionUtils.setProperty( this, "SSLEnabled", "true" );
>             if(cipherSet != null && !cipherSet.equalsIgnoreCase("")){

It might be worth calling trim() on the cipherSet value before checking
for equality with "". Using "ignore case" on an empty string is not
going to add anything, FYI.

>         catch( Exception exception ) {
>             myLogger.severe( "Could not load SSL server socket factory." );
>             throw new Exception( "Could not load SSL server socket factory." );
>         }

How about just "throw exception;"... any reason to completely swallow
the original exception and throw a new one? That just seems confusing.

This constructor seems much more appropriate to be a "factory" method
instead of a constructor for a class that trivially extends the existing
Connector. With a factory, you could also choose the type of connector
to use instead of having to extend a specific one (e.g. NIO vs. BIO,
etc.).

> and I attach it to the container by :
>
> Embedded embedded = new Embedded();
>
> embedded.addConnector( connector );
> connector.start();
>
> and I call embedded.start(); during initialization, so I have the
> Tomcat running.
>
> Chris, "cipherSet" is a configurable parameter. I am usually using
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA for testing purposes.

That all seems fairly straightforward. I have no idea why SSL would be
acting up, there.

-chris
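
The review points in the reply above (a factory method instead of a subclass constructor, trimming the cipher property, rethrowing the original exception) could be combined as follows. This is an added example, not code from either poster or from the Tomcat project; `HttpConnectorFactory`, `create` and the `ciphers` assignment are assumptions, and the other property names are the ones used in the quoted code.

```java
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.catalina.connector.Connector;

/** Hypothetical factory (added example) replacing the Connector subclass constructor. */
public final class HttpConnectorFactory {
    private HttpConnectorFactory() { }

    // protocol: "HTTP/1.1" or a protocol handler class name, so the caller
    // chooses the connector type (BIO, NIO, ...) instead of extending one.
    public static Connector create(String protocol, int port, String keystoreFile,
            String keystorePassword, int maxKeepAliveRequests, Logger logger)
            throws Exception {
        Connector connector = new Connector(protocol);
        connector.setPort(port);

        // Same range check as the quoted code.
        if (maxKeepAliveRequests != 0 && maxKeepAliveRequests >= -1) {
            connector.setProperty("maxKeepAliveRequests",
                    String.valueOf(maxKeepAliveRequests));
        }
        if (keystoreFile == null) {
            return connector; // no keystore: plain HTTP connector
        }

        // Trim first so a whitespace-only property is not treated as a cipher list.
        String cipherSet = System.getProperty("https.cipher.set");
        cipherSet = (cipherSet == null) ? "" : cipherSet.trim();

        try {
            connector.setSecure(true);
            connector.setScheme("https");
            // Property names below are the ones used in the quoted code.
            connector.setProperty("sslProtocol", "TLS");
            connector.setProperty("keystore", keystoreFile);
            connector.setProperty("keypass", keystorePassword);
            connector.setProperty("SSLEnabled", "true");
            if (!cipherSet.isEmpty()) {
                // Assumption: "ciphers" is Tomcat's connector attribute for the
                // cipher list; the quoted code elides what it sets here.
                connector.setProperty("ciphers", cipherSet);
            }
        } catch (Exception exception) {
            // Log with the cause attached, then rethrow the original exception.
            logger.log(Level.SEVERE, "Could not load SSL server socket factory.", exception);
            throw exception;
        }
        return connector;
    }
}
```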