I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
APR. (I'm using JDK 1.8.0.25 on CentOS.)
My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1
while still using Tomcat 7.0.41. This combination works great. My webapp
starts up and is accessible using either SSL or non-SSL.
Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32
and APR 1.5.1). Tomcat 8.0.15 starts up, and the first lines of
catalina.out are a message that shows that Tomcat Native library 1.1.32 and
APR 1.5.1 are indeed in use. My webapp starts up and is accessible using
non-SSL requests, but SSL requests don't work.
When I saw that SSL wasn't working, I looked in catalina.out and saw this:
org.apache.coyote.AbstractProtocol.init Failed to initialize end point
associated with ProtocolHandler ["http-apr-8443"]
java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is
enabled in the AprLifecycleListener, the AprLifecycleListener has
initialised correctly and that a valid SSLProtocol has been specified
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532)
at
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
[...]
Caused by: java.lang.Exception: Invalid Server SSL Protocol
(error:00000000:lib(0):func(0):reason(0
))
at org.apache.tomcat.jni.SSLContext.make(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527)
The SSL Connector in server.xml looks like this:
<Connector port="8443" URIEncoding="utf-8"
maxKeepAliveRequests="3" keepAliveTimeout="3000"
scheme="https" secure="true" SSLEnabled="true"
SSLCertificateFile="/home/scuser/ssl/cert.crt"
SSLCertificateKeyFile="/home/scuser/ssl/cert.key"
SSLCertificateChainFile="/home/scuser/ssl/intermediateCA.cer"
clientAuth="false" sslProtocol="TLS"/>
Can anyone see what might be going wrong?
Thanks,
Mike
