Re: Tomcat + APR: 'Invalid Server SSL Protocol' (was 'Tomcat + APR .. Socket bind failed')

Mon, 19 Oct 2009 20:18:51 -0700 

Ken Johanson wrote:

Ken Johanson wrote:
<snip>


After doing a kill, then startup I now get:

java.lang.Exception: Invalid Server SSL Protocol
        at org.apache.tomcat.jni.SSLContext.make(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:693) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107) at org.apache.catalina.connector.Connector.initialize(Connector.java:1058) 
...........
Oct 15, 2009 10:10:44 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException: Protocol handler initialization failed: java.lang.Exception: Invalid Server SSL Protocol 
        at
......

But I can't see where I'm deviating from docs with:
<Connector
    port="8443"
    enableLookups="false"
    SSLEnabled="true" scheme="https" secure="true"
    SSLCertificateFile="${catalina.base}/conf/cert.pem"
    SSLCertificateKeyFile="${catalina.base}/conf/key.pem"
    disableUploadTimeout="true"
    SSLVerifyClient="optional"
    sslProtocol="TLS"
/>
BTW I'm now tryng recent apache-tomcat-6.0.20 and rebuilt tomcat-native-1.1.16. 

Any insight would be immensely appreciated!

Best regards,
-Ken
Presumably the shutdown failure is caused by this NPE interrupting the call: 

Oct 15, 2009 10:19:29 PM org.apache.coyote.http11.Http11AprProtocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
Oct 15, 2009 10:19:29 PM org.apache.catalina.connector.MapperListener destroy 
WARNING: Error unregistering MBeanServerDelegate
java.lang.NullPointerException
at org.apache.catalina.connector.MapperListener.destroy(MapperListener.java:171) at org.apache.catalina.connector.Connector.stop(Connector.java:1179) at org.apache.catalina.core.StandardService.stop(StandardService.java:593) 



For the benefit of others:
the solution to this was to add the element:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/> 

as a child node of the 'Server' element.

This fact IS listed here:
http://tomcat.apache.org/tomcat-6.0-doc/apr.html
although it might be argued it is not clear that the Listener is REQUIRED for SSL to work under APR (listener may imply to some people that a user listener is offered for those who wish to intercept SSL session events) 

Regards,
-Ken



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to