SSL and IPv6 when using address to set a specific IP

Sun, 04 Mar 2018 18:02:38 -0800 

Hi,
I'm having some problems using SSL on my connector when binding it to
a specific IPv6 address.
I'm trying this on Tomcat v 8.5.28, Ubuntu 14.04, JVM v1.8.0_161-b12.

My connector config looks like this:
<Connector port="8443"
   maxThreads="150"
   scheme="https"
   secure="true"
   SSLEnabled="true"
   keystoreFile="/opt/keystore/keystore"
   keystorePass="secret"
   clientAuth="false"
   keyAlias="myAlias"
   sslProtocol="TLS"
   address="fe80::a00:27ff:fe13:ca0d"/>

catalina.out shows this exception immediately after startup.  I think
it indicates there are some parsing errors when parsing the IPv6
address.

05-Mar-2018 01:11:11.141 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-jsse-nio-fe80:0:0:0:a00:27ff:fe13:ca0d-8443"]
05-Mar-2018 01:11:11.709 INFO
[main]org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector
Using a shared selector for servlet write/read
05-Mar-2018 01:11:11.724 WARNING [main]
org.apache.tomcat.util.net.AbstractEndpoint.registerJmx Unable to
generate a valid JMX object name for the SSLHostConfig associated
withhost [_default_]
 javax.management.MalformedObjectNameException: Invalid character ':'
in value part of property
        at javax.management.ObjectName.construct(ObjectName.java:618)
        at javax.management.ObjectName.<init>(ObjectName.java:1382)
        at 
org.apache.tomcat.util.net.AbstractEndpoint.registerJmx(AbstractEndpoint.java:1105)
        at 
org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1095)
        at 
org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:268)
        at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
        at 
org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:68)
        at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:549)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:875)
        at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:107)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:632)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:655)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)

If I remove address attribute to allow binding on all interfaces,
things are good.  But my use case, however, requires binding to a
specific IPv6 address.
Since these SSL attributes are deprecated from what I've read, I've
also tried moving the SSL configs to the newer SSLHostConfig block,
but the same error remains.

Has anyone had any success binding to a specific IPv6 literal address
when using SSL?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to