Tomcat SSL Implementations

From Dogtag

Overview

  • JSSE implementation
  • JSSE implementation with OpenSSL
  • APR implementation with OpenSSL
  • JSS implementation

JSSE Implementation

<Connector sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>

JSSE Implementation with OpenSSL

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin"/>

<Connector sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"/>

APR Implementation

Notes:

  • requires tomcat-native
  • supports FIPS mode
  • requires certificate and key exported into PEM files

To install Tomcat native library:

$ dnf install tomcat-native

To enable APR connector:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin"
    useAprConnector="true" FIPSMode="on"/>

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig ciphers="TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL" protocols="TLSv1.2">
        <Certificate certificateFile="/usr/share/tomcat/conf/sslserver.crt" certificateKeyFile="/usr/share/tomcat/conf/sslserver.key"/>
    </SSLHostConfig>
</Connector>
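The Listener and Connector settings in the JSSE-with-OpenSSL and APR sections above have to agree with each other: an OpenSSL-backed or APR connector only works when the AprLifecycleListener is loaded with SSLEngine="on", the APR connector additionally needs useAprConnector="true", and the certificate and key are read from PEM files. The script below is an added example, not part of the Dogtag wiki or of Tomcat, that parses a server.xml and reports where those pairings are broken. Both embedded configurations are constructed for the example: the first is the APR configuration from this page, the second is deliberately inconsistent. The null-cipher and FIPS cipher-string checks follow the cipher string used above and are this example's policy, not a Tomcat requirement.

```python
"""Audit a Tomcat server.xml for the Listener/Connector pairings documented on
this page.  Added example: the checks encode what the page shows, not the full
set of Tomcat configuration rules."""
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
OPENSSL_IMPL = "org.apache.tomcat.util.net.openssl.OpenSSLImplementation"

# Constructed sample 1: the APR configuration shown on this page, wrapped in <Server>.
PAGE_APR_CONFIG = """
<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"
            SSLRandomSeed="builtin" useAprConnector="true" FIPSMode="on"/>
  <Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig ciphers="TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL" protocols="TLSv1.2">
      <Certificate certificateFile="/usr/share/tomcat/conf/sslserver.crt"
                   certificateKeyFile="/usr/share/tomcat/conf/sslserver.key"/>
    </SSLHostConfig>
  </Connector>
</Server>
"""

# Constructed sample 2: deliberately inconsistent (hypothetical paths).
BROKEN_CONFIG = """
<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" FIPSMode="on"/>
  <Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig ciphers="HIGH:!eNULL" protocols="TLSv1.2">
      <Certificate certificateFile="/path/to/example/server.crt"/>
    </SSLHostConfig>
  </Connector>
</Server>
"""


def audit_server_xml(xml_text):
    """Return a list of findings; an empty list means the configuration is
    consistent with the pairings this page documents."""
    root = ET.fromstring(xml_text)
    findings = []

    listeners = {lst.get("className"): lst for lst in root.iter("Listener")}
    apr = listeners.get(APR_LISTENER)
    apr_on = apr is not None and apr.get("SSLEngine") == "on"
    fips_on = apr is not None and apr.get("FIPSMode") == "on"

    for conn in root.iter("Connector"):
        proto = conn.get("protocol", "")
        impl = conn.get("sslImplementationName", "")
        where = f"Connector protocol={proto or 'default'} impl={impl or 'default'}"

        # APR connector: needs the APR listener with SSLEngine and useAprConnector on.
        if proto == APR_PROTOCOL:
            if not apr_on:
                findings.append(f'{where}: Http11AprProtocol without AprLifecycleListener SSLEngine="on"')
            elif apr.get("useAprConnector") != "true":
                findings.append(f'{where}: AprLifecycleListener lacks useAprConnector="true"')

        # JSSE backed by OpenSSL: also needs the APR listener with SSLEngine on.
        if impl == OPENSSL_IMPL and not apr_on:
            findings.append(f'{where}: OpenSSLImplementation without AprLifecycleListener SSLEngine="on"')

        for host in conn.iter("SSLHostConfig"):
            ciphers = host.get("ciphers", "")
            if fips_on:
                # Example policy modelled on the page's cipher string: FIPS-restricted
                # suites and explicit exclusion of the null cipher/auth classes.
                if "FIPS" not in ciphers:
                    findings.append(f'{where}: FIPSMode="on" but ciphers string is not FIPS-restricted')
                for bad in ("eNULL", "aNULL"):
                    if f"!{bad}" not in ciphers:
                        findings.append(f"{where}: ciphers does not exclude {bad}")
            # APR/OpenSSL read the certificate and key from PEM files; both must be named.
            for cert in host.iter("Certificate"):
                for attr in ("certificateFile", "certificateKeyFile"):
                    if not cert.get(attr):
                        findings.append(f"{where}: Certificate missing {attr}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("page APR config", PAGE_APR_CONFIG), ("broken config", BROKEN_CONFIG)):
        result = audit_server_xml(cfg)
        print(f"{name}: {'OK' if not result else ''}")
        for finding in result:
            print("  -", finding)
```

Run it against a real server.xml by reading the file into a string and passing it to audit_server_xml(); an empty result means the Listener, Connector, cipher string and PEM file attributes line up the way the sections above show.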

JSS Implementation

<Listener className="org.dogtagpki.tomcat.TomcatJSSListener"/>
