You mean here maxThreads="150"? But is no respective log message for this. And, I didn't find much request to the service. Currently there are no changed settings(firewall/network, etc.).
On Wed, Jan 21, 2015 at 11:28 PM, Jeffrey Janner < jeffrey.jan...@polydyne.com> wrote: > > -----Original Message----- > > From: Jason Y [mailto:day...@gmail.com] > > Sent: Wednesday, January 21, 2015 12:44 AM > > To: Tomcat Users List > > Subject: Re: SSL issue in tomcat > > > > Got another issue...Tomcat is working fine after restart but it cannot > > last > > long. > > Now I cannot access https pages with any browsers. I didn't find > > anything > > useful in logs. > > After a restart, it works well again. > > > > <Connector executor="tomcatThreadPool" > > port="8080" protocol="HTTP/1.1" > > connectionTimeout="20000" > > redirectPort="8443" /> > > <Connector port="8443" > > protocol="org.apache.coyote.http11.Http11Protocol" > > maxThreads="150" SSLEnabled="true" scheme="https" > > secure="true" > > clientAuth="false" sslProtocol="TLS" > > sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" > > keystoreFile="lib/cert/xxxx.keystore" > > keystorePass="xxxx" /> > > <!-- Define an AJP 1.3 Connector on port 8009 --> > > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> > > > > Just a thought, but since it works for a while and then stops responding, > could it be that the OP is running out of processing threads, i.e. a thread > or connection pool leak? > > > > On Wed, Jan 21, 2015 at 10:01 AM, Sanaullah <sanaulla...@gmail.com> > > wrote: > > > > > its not necessary to have ciphers properties but if you want to > > restrict > > > the ciphers then you can use this property. > > > > > > On Wed, Jan 21, 2015 at 6:53 AM, Jason Y <day...@gmail.com> wrote: > > > > > > > Thank you all. Now it is working fine. > > > > > > > > <Connector port="8443" > > protocol="org.apache.coyote.http11.Http11Protocol" > > > > maxThreads="150" SSLEnabled="true" scheme="https" > > > > secure="true" > > > > clientAuth="false" sslProtocol="TLS" > > > > sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" > > > > keystoreFile="lib/cert/xxxx.keystore" keystorePass="xxxx" > > > > ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, > > > > TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA" > > /> > > > > > > > > By the way, do I need "ciphers" properties here? > > > > > > > > On Tue, Jan 20, 2015 at 11:22 PM, Christopher Schultz < > > > > ch...@christopherschultz.net> wrote: > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > Hash: SHA256 > > > > > > > > > > Jason, > > > > > > > > > > On 1/20/15 4:17 AM, Jason Y wrote: > > > > > > Recently my application cannot be accessible in browser with > > https > > > > > > version. I think it is due to vulnerability in ssl 3.0 issue. > > > > > > > > > > > > I checked my tomcat configuration and replaced sslProtocol="TLS" > > > > > > with sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to disable SSL > > > > > > 3.0. > > > > > > > > > > > > <Connector port="8080" protocol="HTTP/1.1" > > > > > > connectionTimeout="20000" redirectPort="8443" /> <Connector > > > > > > port="8443" protocol="org.apache.coyote.http11.Http11Protocol" > > > > > > maxThreads="150" SSLEnabled="true" scheme="https" secure="true" > > > > > > clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" > > > > > > keystoreFile="xxx" keystorePass="xxx" /> <Connector port="8009" > > > > > > protocol="AJP/1.3" redirectPort="8443" /> > > > > > > > > > > None of the responses you have gotten thus far are useful in any > > way. > > > > > > > > > > Your configuration looks fine to me: sslEnabledProtocols is the > > way to > > > > > go, although in recent versions of Tomcat the default is NOT to > > > > > include any "SSL" protocols and only use the "TLS" ones, so if you > > are > > > > > running something recent, you should be okay. > > > > > > > > > > > Then I can open my application https link in browser. BUT, good > > > > > > time never lasts too long, after several hours, I failed to > > access > > > > > > my https link again. > > > > > > > > > > What kinds of errors do you get? What do the logs say? What are > > the > > > > > URLs you are using? > > > > > > > > > > > Anyone has any ideas about this? please share your > > suggestions...My > > > > > > tomcat version is 7.0.55 > > > > > > > > > > Those SSL/TLS defaults I mentioned above were done in 7.0.57, so > > you > > > > > should definitely keep your above configuration. There is no need > > to > > > > > add a trust store or cipher specification to that. > > > > > > > > > > - -chris > > > > > -----BEGIN PGP SIGNATURE----- > > > > > Version: GnuPG v1 > > > > > Comment: GPGTools - http://gpgtools.org > > > > > > > > > > iQIcBAEBCAAGBQJUvnKiAAoJEBzwKT+lPKRYQtsP/00rm7rdKVUID9YVQ4WJk3ty > > > > > JVQa/g0Kg4prYC+w5AFvZaiDK6EC014GKoTz4ktUzY4Ubnyd3vxsRTV+6/JOig0J > > > > > C9HcXKEZf63KS2uro71ymXNH0glDGJWtkCeTLR60elBUnyoOIat6ifQ9DqbH9BGT > > > > > nxJLRq4GZg8aaqKqToJNREY/6nX09+qmPYgpvzrdNlhDgxdb97o9hEPPQA85DMmG > > > > > mDMyP/TdnIcOdYa8n94/yFjaLQBqCAMl7li2VugbVMkSZMriz/NXnr52xTvZsFtH > > > > > 8x4D5z5AzU+8+3P+vULmogW6418igLLWZHf03FAh2Wh5RKmvqKjaMzhC9qACYooJ > > > > > T7F1QfCZVqsEd5edzP17sUPjG62A1awwfMHB3/qmMpWz+Fde4taz2t+Pz652fugw > > > > > HrfhERRjkdpogfHmrAhBgZ/r89GpYlqEvMguW2PW6zL/ku51wx+aMfujrXO63+ZM > > > > > 9psUeSvsR823foOYa6C3UV3MFbGWE7awUWuIBQi1bOxsP/ldKvEESGtdu9GpLHw7 > > > > > A/5fyZ2a6+99HC56lvraGvPi+5ZI52Ej1mR0Ckk9RHRWqoCApTYsCzAPWd5Fntuq > > > > > zuNoyI6onNFKNDZ+17Nm55rywgHR/5hh5CLbf1PwSJRw2mJXbEnoXXUo1XoCS+Oo > > > > > G5/ksEFNFSc9+yQSSC1H > > > > > =PVop > > > > > -----END PGP SIGNATURE----- > > > > > > > > > > ------------------------------------------------------------------ > > --- > > > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > > > > > > > > > > > >
