Chris,

> On 11.08.2021 at 16:40, Chris Strickland 
> <drivenbyvis...@yahoo.com.invalid> wrote:
> 
> 
> Anyone happen to know where in the server.xml file the attributes go for 
> clientAuth and sslEnabledProtocols?

They go in the "protocols" and "certificateVerification" attributes of 
SSLHostConfig.

Like this:

    <SSLHostConfig
            hostName="${hostname}"
            honorCipherOrder="true"
            certificateVerification="none"
            certificateRevocationListFile="${catalina.base}/conf/ssl/ca-bundle-client.crl"
            truststoreFile="${catalina.base}/conf/ssl/cacerts.jks"
            truststorePassword="changeit"
            protocols="TLSv1.2+TLSv1.3"
            ciphers="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS">
        <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/mycert_ecc.p12"
                     certificateKeystorePassword="xxx"
                     certificateKeyAlias="server_ecc"
                     type="EC" />
        <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/mycert.p12"
                     certificateKeystorePassword="xxx"
                     certificateKeyAlias="server"
                     type="RSA" />
    </SSLHostConfig>

> I'm running Tomcat 10. Seems like I tried putting them under everything 
> (Connector, SSLHostConfig, Certificate) but still get the warning in the 
> logs: failed to set property.
> Thanks,
> Chris
> 
> On Thursday, August 5, 2021, 03:37:54 PM EDT, Peter Kreuser 
> <l...@kreuser.name> wrote:
> 
> Chris,
> 
>> On 05.08.2021 at 18:32, Rob Sargent <rsarg...@xmission.com> wrote:
>> 
>> 
>>>         Caused by: java.lang.IllegalArgumentException: No SSLHostConfig 
>>> element was found with the hostName [_default_] to match the 
>>> defaultSSLHostConfigName for the connector [https-jsse-nio-9443]
>>> 
>> 
> 
> The SSL options are not attributes on the connector, but on the SSLHostConfig
> 
> http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#Common_Attributes
> 
> http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support
> 
> Peter
> 
>> Isn’t that the real issue?
>> 
>> 

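An added example, not part of the thread and not Tomcat code: a Python check that scans a server.xml for the legacy clientAuth and sslEnabledProtocols attributes on Connector, SSLHostConfig or Certificate elements and reports the SSLHostConfig attribute each one should become, following the reply above. The clientAuth value mapping (true/want/false to required/optional/none) is an assumption based on the Tomcat configuration reference, and the sample server.xml is constructed for the example.

```python
import xml.etree.ElementTree as ET

# Legacy attribute name -> SSLHostConfig attribute name, as given in the reply above.
RENAMED = {"clientAuth": "certificateVerification", "sslEnabledProtocols": "protocols"}
# Assumed mapping of clientAuth values to certificateVerification values.
CLIENT_AUTH = {"true": "required", "want": "optional", "false": "none"}


def translate(attr, value):
    """Return the (SSLHostConfig attribute, value) pair for a legacy attribute."""
    if attr == "clientAuth":
        return RENAMED[attr], CLIENT_AUTH.get(value.strip().lower(), value)
    # A comma-separated protocol list becomes the '+' form used in the reply.
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return RENAMED[attr], "+".join(parts)


def audit(server_xml):
    """List legacy TLS attributes and the SSLHostConfig setting that replaces each."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        # Check the Connector and every nested element the attributes might sit on.
        candidates = [conn]
        candidates += conn.findall("SSLHostConfig")
        candidates += conn.findall("SSLHostConfig/Certificate")
        for elem in candidates:
            for attr in RENAMED:
                if attr in elem.attrib:
                    new_attr, new_val = translate(attr, elem.get(attr))
                    findings.append((port, elem.tag, attr, new_attr, new_val))
    return findings


# Constructed sample configuration, not taken from the thread.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="9443" SSLEnabled="true" clientAuth="want"
             sslEnabledProtocols="TLSv1.2, TLSv1.3"/>
  <Connector port="8443" SSLEnabled="true">
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3" certificateVerification="none">
      <Certificate certificateKeystoreFile="conf/ssl/mycert.p12" clientAuth="true"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""

if __name__ == "__main__":
    for port, tag, old, new, val in audit(SAMPLE):
        print(f'port {port}: {old} on <{tag}> -> SSLHostConfig {new}="{val}"')
```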