Hello everyone! I have a webapp running on tomcat 7.0.92 with java 7 with
APR/tomcat native 1.2.19 on RHEL 6
I've tested website(debug.ieml.ru) on which my webapp is running on ssllabs
server test and one thing I've noticed is the orange warning line saying
Session resumption (caching) No (IDs empty)
which obviously means that session caching is not enabled
So the question is how to enable it when using Apr
tomcat connector documentation has sessionCacheSize attribute but it is for
JSSE only and not APR
Am I missing some other attribute which enables on APR connector
or does this mean that APR doesn't use SSL session caching?
Here is my connector from server.xml
<Connector allowTrace="false" server=" " port="8443"
protocol="org.apache.coyote.http11.Http11AprProtocol"
redirectPort="8443"
SSLHonorCipherOrder="true"
SSLCertificateFile="server.crt"
SSLCertificateKeyFile="server.key"
SSLCertificateChainFile="authorities.crt"
SSLProtocol="TLSv1.2+TLSv1.3"
maxThreads="350" minSpareThreads="25" SSLEnabled="true"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
compression="force"
SSLCipherSuite="TLS_CHACHA20_POLY1305_SHA384,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384
,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
ECDHE-ECDSA-AES256-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,
ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,
ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA"></Connector>