Posted to users@tomcat.apache.org by Blake McBride <bl...@gmail.com> on 2023/03/25 14:16:53 UTC

Requirements to support HTTPS

Greetings,

I wanted to confirm my suspicions regarding packages needed in tomcat to
support HTTPS.

The config I am using is:

<Connector port="443"

               protocol="org.apache.coyote.http11.Http11Nio2Protocol"

              sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
...


My suspicion is:

OpenSSL - needed
APR - needed
Tomcat-native - not needed

Is that correct?

Thank you!

Blake McBride

Re: Requirements to support HTTPS

Posted by Kevin Huntly <km...@gmail.com>.
idk I went overboard and made my own CA and signed some certs lol

On Sat, Mar 25, 2023, 13:54 Christopher Schultz <
chris@christopherschultz.net> wrote:

> Blake,
>
> On 3/25/23 10:16, Blake McBride wrote:
> > I wanted to confirm my suspicions regarding packages needed in tomcat to
> > support HTTPS.
>
> You don't need anything except the core Tomcat and a reasonably recent
> JVM to support HTTPS. You may have some other requirements you'd like to
> place on top of that, but you haven't mentioned what those might be.
>
> > The config I am using is:
> >
> > <Connector port="443"
> >
> >                 protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> >
> >                sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> > ...
> >
> >
> > My suspicion is:
> >
> > OpenSSL - needed
> > APR - needed
> > Tomcat-native - not needed
> >
> > Is that correct?
>
> No, Tomcat native contains the glue you need to get at OpenSSL, so you
> need all of those things.
>
> You may not need OpenSSL and therefore that whole stack. Do you need
> particularly high-performance TLS?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: Requirements to support HTTPS

Posted by Blake McBride <bl...@gmail.com>.
Hi Chris,

Thanks for the response!  However, I think what I am experiencing and what
you are saying are at odds.

I have native installed, but it is the wrong version and doesn't work with
my tomcat.  So, essentially, it's not installed.  (Unless the new protocol
I am using just doesn't use the problem areas of native.)

When I switched to the configuration shown, it worked.  I assume it's not
using native because of the trouble I had before.

So, are you sure I need native with the config I show?

Thanks a lot!

Blake


On Sat, Mar 25, 2023 at 12:54 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Blake,
>
> On 3/25/23 10:16, Blake McBride wrote:
> > I wanted to confirm my suspicions regarding packages needed in tomcat to
> > support HTTPS.
>
> You don't need anything except the core Tomcat and a reasonably recent
> JVM to support HTTPS. You may have some other requirements you'd like to
> place on top of that, but you haven't mentioned what those might be.
>
> > The config I am using is:
> >
> > <Connector port="443"
> >
> >                 protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> >
> >                sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> > ...
> >
> >
> > My suspicion is:
> >
> > OpenSSL - needed
> > APR - needed
> > Tomcat-native - not needed
> >
> > Is that correct?
>
> No, Tomcat native contains the glue you need to get at OpenSSL, so you
> need all of those things.
>
> You may not need OpenSSL and therefore that whole stack. Do you need
> particularly high-performance TLS?
>
> -chris
>
>
>

Re: Requirements to support HTTPS

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Blake,

On 3/25/23 10:16, Blake McBride wrote:
> I wanted to confirm my suspicions regarding packages needed in tomcat to
> support HTTPS.

You don't need anything except the core Tomcat and a reasonably recent 
JVM to support HTTPS. You may have some other requirements you'd like to 
place on top of that, but you haven't mentioned what those might be.

> The config I am using is:
> 
> <Connector port="443"
> 
>                 protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> 
>                sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> ...
> 
> 
> My suspicion is:
> 
> OpenSSL - needed
> APR - needed
> Tomcat-native - not needed
> 
> Is that correct?

No, Tomcat native contains the glue you need to get at OpenSSL, so you 
need all of those things.

You may not need OpenSSL and therefore that whole stack. Do you need 
particularly high-performance TLS?

-chris



Re: Requirements to support HTTPS

Posted by Blake McBride <bl...@gmail.com>.
Perfect.  Thanks, Mark!


On Sat, Mar 25, 2023 at 2:37 PM Mark Thomas <ma...@apache.org> wrote:

>
>
> On 25/03/2023 14:16, Blake McBride wrote:
> > Greetings,
> >
> > I wanted to confirm my suspicions regarding packages needed in tomcat to
> > support HTTPS.
> >
> > The config I am using is:
> >
> > <Connector port="443"
> >
> >                 protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> >
> >                sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> > ...
> >
> >
> > My suspicion is:
> >
> > OpenSSL - needed
> > APR - needed
> > Tomcat-native - not needed
> >
> > Is that correct?
>
> No. For that configuration you can use Tomcat Native 1.2.x or 2.0.x.
>
> Tomcat Native depends on OpenSSL and APR. Whether you need to provide
> those dependencies explicitly will depend on how you have obtained
> Tomcat Native. The Windows binaries include all dependencies via static
> linking. Most (all?) Linux distributions use dynamic linking and should
> have the correct dependencies set so installed Tomcat Native installs
> the dependencies.
>
> Or just use JSSE which is a pure Java solution.
>
> Mark
>
>
>

Re: Requirements to support HTTPS

Posted by Mark Thomas <ma...@apache.org>.

On 25/03/2023 14:16, Blake McBride wrote:
> Greetings,
> 
> I wanted to confirm my suspicions regarding packages needed in tomcat to
> support HTTPS.
> 
> The config I am using is:
> 
> <Connector port="443"
> 
>                 protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> 
>                sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> ...
> 
> 
> My suspicion is:
> 
> OpenSSL - needed
> APR - needed
> Tomcat-native - not needed
> 
> Is that correct?

No. For that configuration you can use Tomcat Native 1.2.x or 2.0.x.

Tomcat Native depends on OpenSSL and APR. Whether you need to provide 
those dependencies explicitly will depend on how you have obtained 
Tomcat Native. The Windows binaries include all dependencies via static 
linking. Most (all?) Linux distributions use dynamic linking and should 
have the correct dependencies set so installed Tomcat Native installs 
the dependencies.

Or just use JSSE which is a pure Java solution.

Mark
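
The two stacks discussed in this thread, side by side, as an added server.xml example that is not part of any poster's message or the Tomcat project's own configuration: the OpenSSL implementation reached through Tomcat Native, and the pure-Java JSSE implementation. All file names and the keystore password are placeholders; use one connector or the other, not both on the same port.

```xml
<!-- Option A: OpenSSL-backed TLS.
     Needs Tomcat Native (1.2.x or 2.0.x, per the reply above), which in turn
     depends on OpenSSL and APR. -->

<!-- Child of <Server>: loads the Tomcat Native library at startup. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" />

<!-- Child of <Service>. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- PEM-encoded certificate, key and chain (placeholder paths). -->
    <Certificate certificateFile="conf/example-cert.pem"
                 certificateKeyFile="conf/example-key.pem"
                 certificateChainFile="conf/example-chain.pem"
                 type="RSA" />
  </SSLHostConfig>
</Connector>


<!-- Option B: JSSE, the pure-Java solution.
     Needs only core Tomcat and the JVM: no Tomcat Native, APR or OpenSSL
     packages, and no AprLifecycleListener. -->
<Connector port="443"
           protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- PKCS#12 keystore (placeholder path and password). -->
    <Certificate certificateKeystoreFile="conf/example-keystore.p12"
                 certificateKeystoreType="PKCS12"
                 certificateKeystorePassword="CHANGE_ME"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```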
