Re: "Invalid Server SSL Protocol" on Tomcat 8.0.15 with Tomcat Native library 1.1.32 and APR 1.5.1

Wed, 17 Dec 2014 17:16:26 -0800 

I should have included this in the previous message.

The AprLifecycleListener is declared in server.xml like this:
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />




On Wed, Dec 17, 2014 at 5:12 PM, Mike Wertheim <m...@hyperreal.org> wrote:
>
> I'm trying to upgrade from Tomcat 7.0.41 with APR to Tomcat 8.0.15 with
> APR.  (I'm using JDK 1.8.0.25 on CentOS.)
>
> My first step was to upgrade to Tomcat Native library 1.1.32 and APR 1.5.1
> while still using Tomcat 7.0.41.  This combination works great.  My webapp
> starts up and is accessible using either SSL or non-SSL.
>
> Next I upgraded to Tomcat 8.0.15 (again with Tomcat Native library 1.1.32
> and APR 1.5.1).  Tomcat 8.0.15 starts up, and the first lines of
> catalina.out are a message that shows that Tomcat Native library 1.1.32 and
> APR 1.5.1 are indeed in use.  My webapp starts up and is accessible using
> non-SSL requests, but SSL requests don't work.
>
> When I saw that SSL wasn't working, I looked in catalina.out and saw this:
>
> org.apache.coyote.AbstractProtocol.init Failed to initialize end point
> associated with ProtocolHandler ["http-apr-8443"]
>  java.lang.Exception: Unable to create SSLContext. Check that SSLEngine is
> enabled in the AprLifecycleListener, the AprLifecycleListener has
> initialised correctly and that a valid SSLProtocol has been specified
>         at
> org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:532)
>         at
> org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:730)
> [...]
> Caused by: java.lang.Exception: Invalid Server SSL Protocol
> (error:00000000:lib(0):func(0):reason(0
> ))
>         at org.apache.tomcat.jni.SSLContext.make(Native Method)
>         at
> org.apache.tomcat.util.net.AprEndpoint.bind(AprEndpoint.java:527)
>
>
> The SSL Connector in server.xml looks like this:
>     <Connector port="8443" URIEncoding="utf-8"
>                 maxKeepAliveRequests="3" keepAliveTimeout="3000"
>                 scheme="https" secure="true" SSLEnabled="true"
>                 SSLCertificateFile="/home/scuser/ssl/cert.crt"
>                 SSLCertificateKeyFile="/home/scuser/ssl/cert.key"
>
> SSLCertificateChainFile="/home/scuser/ssl/intermediateCA.cer"
>                 clientAuth="false" sslProtocol="TLS"/>
>
> Can anyone see what might be going wrong?
>
>
> Thanks,
> Mike
>
>

Reply via email to