Tomcat SSL Implementations
From Dogtag
Overview
- JSSE implementation
- JSSE implementation with OpenSSL
- APR implementation with OpenSSL
- JSS implementation
JSSE Implementation
<Connector sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
JSSE Implementation with OpenSSL
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin"/>
<Connector sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"/>
APR Implementation
Notes:
- requires tomcat-native
- supports FIPS mode
- requires certificate and key exported into PEM files
To install Tomcat native library:
$ dnf install tomcat-native
To enable APR connector:
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on"
          SSLRandomSeed="builtin"
          useAprConnector="true"
          FIPSMode="on"/>
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig ciphers="TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL" protocols="TLSv1.2">
        <Certificate certificateFile="/usr/share/tomcat/conf/sslserver.crt"
                     certificateKeyFile="/usr/share/tomcat/conf/sslserver.key"/>
    </SSLHostConfig>
</Connector>
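The following Python check is an added example, not part of the original page and not Dogtag or Tomcat code. It parses a server.xml and reports where an APR setup departs from the configuration shown above: listener flags, pinned protocol, NULL and anonymous cipher exclusions, and PEM certificate files. The names lint_apr_tls and require_fips, the finding texts and the <Server>/<Service> wrapper around the page's snippet are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
LEGACY = {"all", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # policy of this sketch

# The page's APR snippet, wrapped in constructed <Server>/<Service> elements so it parses.
PAGE_CONFIG = """<Server><Listener className="org.apache.catalina.core.AprLifecycleListener"
    SSLEngine="on" SSLRandomSeed="builtin" useAprConnector="true" FIPSMode="on"/>
<Service name="Catalina"><Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
  <SSLHostConfig ciphers="TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL" protocols="TLSv1.2">
    <Certificate certificateFile="/usr/share/tomcat/conf/sslserver.crt"
                 certificateKeyFile="/usr/share/tomcat/conf/sslserver.key"/>
  </SSLHostConfig></Connector></Service></Server>"""

def lint_apr_tls(server_xml, require_fips=True):
    """Return findings for the APR/OpenSSL setup; an empty list means it matches the policy."""
    root, findings = ET.fromstring(server_xml), []
    want = {"SSLEngine": "on", "useAprConnector": "true"}
    if require_fips:
        want["FIPSMode"] = "on"
    listeners = [e for e in root.iter("Listener") if e.get("className") == APR_LISTENER]
    if not listeners:
        findings.append("AprLifecycleListener is missing")
    for lst in listeners:
        findings += [f"Listener {k} is not {v!r}" for k, v in want.items() if lst.get(k) != v]
    connectors = [c for c in root.iter("Connector") if c.get("protocol") == APR_PROTOCOL]
    if not connectors:
        findings.append("no Connector uses Http11AprProtocol")
    for host in (h for c in connectors for h in c.findall("SSLHostConfig")):
        # Accept both "a,b" and "a+b" protocol lists; an unset value counts as unpinned.
        protos = {p.strip() for p in re.split(r"[,+]", host.get("protocols", "")) if p.strip()}
        if not protos or protos & LEGACY:
            findings.append("protocols must be pinned and exclude legacy versions")
        ciphers = host.get("ciphers", "").split(":")
        if "!eNULL" not in ciphers or "!aNULL" not in ciphers:
            findings.append("ciphers must exclude eNULL and aNULL")
        for cert in host.findall("Certificate"):
            if cert.get("certificateKeystoreFile"):
                findings.append("keystore configured; APR needs PEM files")
            if not (cert.get("certificateFile") and cert.get("certificateKeyFile")):
                findings.append("certificateFile and certificateKeyFile must both be set")
    return findings

if __name__ == "__main__":
    print(lint_apr_tls(PAGE_CONFIG) or "APR TLS configuration matches the policy")
```

Pass require_fips=False to lint a deployment that uses the APR connector without FIPS mode.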
JSS Implementation
<Listener className="org.dogtagpki.tomcat.TomcatJSSListener"/>