Mark Thomas wrote:
On 07/07/2015 09:28, Alex Soto wrote:
Hi Mark, SSL Session ID is not passed to Tomcat. You can see the logs here
https://gist.github.com/lordofthejars/226d8ed605f2a58b52f3 (I have created
a gist to not add here a lot of lines).
Now the question is is it happens because of mod_jk or because of Apache?
Alex.
OK. You've reached the limits of my conform zone. You need someone more
familiar with the httpd side of things at this point. Rainer?
Mark
Not Rainer, but maybe this helps :
http://tomcat.apache.org/connectors-doc/reference/apache.html
Look for "JkExtractSSL".
El dl., 6 jul. 2015 a les 12:48, Mark Thomas (<ma...@apache.org>) va
escriure:
On 06/07/2015 10:48, Alex Soto wrote:
Hello I have seen a strange behaviour in Apache HTTPD (2.4) and TomEE
(in
fact it is a Tomcat (7.0.61) so it is exactly the same for Tomcat) when I
configure Apache server with SSL and mod_jk.
In fact I am not sure where it is the problem if in mod_jk, in Apache
Server or in Tomcat, but I suspect that maybe the problem is on mod_jk
configuration.
I am configuring the typical Apache as frontend and TomEE(Tomcat) as
backend solution. Currently Apache is configured with SSL and with mod_jk
it connects to TomEE using AJP. This works perfectly. The problem is that
inside my code I need to get the ssl session id:
String ssl =
(String)servletRequest.getAttribute("javax.servlet.request.ssl_session_id");
I don't know why but sometimes this attribute is null and sometimes not.
It
may return a null at first then stay like 10 requests working and then
stop
working again during some requests and the get attribute returns null.
It seems that everything is configured correctly since sometimes works.
Have you ever found something similar or knows what it can be happening?
Do
you think that maybe the problem is on client (browser) side?
Everything is dockerized here:
https://github.com/lordofthejars/apache-tomee-ssl so you can review
configuration files of tomcat and apache or even run it.
Thank you so much for your support.
Try turning on debug logging for mod_jk. It will generate lots of data
so just do it long enough to see the problem. When you look at the logs
you should be able to see if the SSL Session ID is being passed to
Tomcat or not.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
