You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Blake McBride <bl...@gmail.com> on 2023/03/25 14:16:53 UTC
Requirements to support HTTPS
Greetings,
I wanted to confirm my suspicions regarding packages needed in tomcat to
support HTTPS.
The config I am using is:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
...
My suspicion is:
OpenSSL - needed
APR - needed
Tomcat-native - not needed
Is that correct?
Thank you!
Blake McBride
Re: Requirements to support HTTPS
Posted by Kevin Huntly <km...@gmail.com>.
idk I went overboard and made my own CA and signed some certs lol
On Sat, Mar 25, 2023, 13:54 Christopher Schultz <
chris@christopherschultz.net> wrote:
> Blake,
>
> On 3/25/23 10:16, Blake McBride wrote:
> > I wanted to confirm my suspicions regarding packages needed in tomcat to
> > support HTTPS.
>
> You don't need anything except the core Tomcat and a reasonably recent
> JVM to support HTTPS. You may have some other requirements you'd like to
> place on top of that, but you haven't mentioned what those might be.
>
> > The config I am using is:
> >
> > <Connector port="443"
> >
> > protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> >
> > sslImplementationName="org.apache.tomcat.util.net
> .openssl.OpenSSLImplementation"
> > ...
> >
> >
> > My suspicion is:
> >
> > OpenSSL - needed
> > APR - needed
> > Tomcat-native - not needed
> >
> > Is that correct?
>
> No, Tomcat native contains the glue you need to get at OpenSSL, so you
> need all of those things.
>
> You may not need OpenSSL and therefore that whole stack. Do you need
> particularly high-performance TLS?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Requirements to support HTTPS
Posted by Blake McBride <bl...@gmail.com>.
Hi Chris,
Thanks for the response! However, I think what I am experiencing and what
you are saying are at odds.
I have native installed, but it is the wrong version and doesn't work with
my tomcat. So, essentially, it's not installed. (Unless the new protocol
I am using just doesn't use the problem areas of native.)
When I switched to the configuration shown, it worked. I assume it's not
using native because of the trouble I had before.
So, are you sure I need native with the config I show?
Thanks a lot!
Blake
On Sat, Mar 25, 2023 at 12:54 PM Christopher Schultz <
chris@christopherschultz.net> wrote:
> Blake,
>
> On 3/25/23 10:16, Blake McBride wrote:
> > I wanted to confirm my suspicions regarding packages needed in tomcat to
> > support HTTPS.
>
> You don't need anything except the core Tomcat and a reasonably recent
> JVM to support HTTPS. You may have some other requirements you'd like to
> place on top of that, but you haven't mentioned what those might be.
>
> > The config I am using is:
> >
> > <Connector port="443"
> >
> > protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> >
> > sslImplementationName="org.apache.tomcat.util.net
> .openssl.OpenSSLImplementation"
> > ...
> >
> >
> > My suspicion is:
> >
> > OpenSSL - needed
> > APR - needed
> > Tomcat-native - not needed
> >
> > Is that correct?
>
> No, Tomcat native contains the glue you need to get at OpenSSL, so you
> need all of those things.
>
> You may not need OpenSSL and therefore that whole stack. Do you need
> particularly high-performance TLS?
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Requirements to support HTTPS
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Blake,
On 3/25/23 10:16, Blake McBride wrote:
> I wanted to confirm my suspicions regarding packages needed in tomcat to
> support HTTPS.
You don't need anything except the core Tomcat and a reasonably recent
JVM to support HTTPS. You may have some other requirements you'd like to
place on top of that, but you haven't mentioned what those might be.
> The config I am using is:
>
> <Connector port="443"
>
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> ...
>
>
> My suspicion is:
>
> OpenSSL - needed
> APR - needed
> Tomcat-native - not needed
>
> Is that correct?
No, Tomcat native contains the glue you need to get at OpenSSL, so you
need all of those things.
You may not need OpenSSL and therefore that whole stack. Do you need
particularly high-performance TLS?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Requirements to support HTTPS
Posted by Blake McBride <bl...@gmail.com>.
Perfect. Thanks, Mark!
On Sat, Mar 25, 2023 at 2:37 PM Mark Thomas <ma...@apache.org> wrote:
>
>
> On 25/03/2023 14:16, Blake McBride wrote:
> > Greetings,
> >
> > I wanted to confirm my suspicions regarding packages needed in tomcat to
> > support HTTPS.
> >
> > The config I am using is:
> >
> > <Connector port="443"
> >
> > protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> >
> > sslImplementationName="org.apache.tomcat.util.net
> .openssl.OpenSSLImplementation"
> > ...
> >
> >
> > My suspicion is:
> >
> > OpenSSL - needed
> > APR - needed
> > Tomcat-native - not needed
> >
> > Is that correct?
>
> No. For that configuration you can use Tomcat Native 1.2.x or 2.0.x.
>
> Tomcat Native depends on OpenSSL and APR. Whether you need to provide
> those dependencies explicitly will depend on how you have obtained
> Tomcat Native. The Windows binaries include all dependencies via static
> linking. Most (all?) Linux distributions use dynamic linking and should
> have the correct dependencies set so installed Tomcat Native installs
> the dependencies.
>
> Or just use JSSE which is a pure Java solution.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: Requirements to support HTTPS
Posted by Mark Thomas <ma...@apache.org>.
On 25/03/2023 14:16, Blake McBride wrote:
> Greetings,
>
> I wanted to confirm my suspicions regarding packages needed in tomcat to
> support HTTPS.
>
> The config I am using is:
>
> <Connector port="443"
>
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>
> sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
> ...
>
>
> My suspicion is:
>
> OpenSSL - needed
> APR - needed
> Tomcat-native - not needed
>
> Is that correct?
No. For that configuration you can use Tomcat Native 1.2.x or 2.0.x.
Tomcat Native depends on OpenSSL and APR. Whether you need to provide
those dependencies explicitly will depend on how you have obtained
Tomcat Native. The Windows binaries include all dependencies via static
linking. Most (all?) Linux distributions use dynamic linking and should
have the correct dependencies set so installed Tomcat Native installs
the dependencies.
Or just use JSSE which is a pure Java solution.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org