Switched to a configuration where Tomcat is now front-ended by Nginx acting as a load balancer, so now the problem has moved to a different spot.
As for the PSK: the computational expense of key exchange (we have many frequent short lived connections) is a con that brings zero benefit to our setup, as the clients are fixed and already have the symmetric keys. I could ask the inverse question: if one controls not just the server but also the clients, what's the point of public key crypto? The only reason I'm relying on TLS is because the same server also needs to occasionally support regular connections using certificates.

Thanks.