Overview#
JSSE implementation
JSSE implementation with OpenSSL
APR implementation with OpenSSL
JSS implementation
JSSE Implementation#
<Connector sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
JSSE Implementation with OpenSSL#
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin"/>
<Connector sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"/>
APR Implementation#
Notes:
requires tomcat-native
supports FIPS mode
requires certificate and key exported into PEM files
To install Tomcat native library:
$ dnf install tomcat-native
To enable APR connector:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin"
useAprConnector="true" FIPSMode="on"/>
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
<SSLHostConfig ciphers="TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL" protocols="TLSv1.2">
<Certificate certificateFile="/usr/share/tomcat/conf/sslserver.crt" certificateKeyFile="/usr/share/tomcat/conf/sslserver.key"/>
</SSLHostConfig>
</Connector>
JSS Implementation#
<Listener className="org.dogtagpki.tomcat.TomcatJSSListener"/>