Overview

  • JSSE implementation

  • JSSE implementation with OpenSSL

  • APR implementation with OpenSSL

  • JSS implementation

JSSE Implementation

<Connector sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>

JSSE Implementation with OpenSSL

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin"/>

<Connector sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"/>

APR Implementation

Notes:

  • requires tomcat-native

  • supports FIPS mode

  • requires certificate and key exported into PEM files

To install the Tomcat native library:

$ dnf install tomcat-native

To enable the APR connector:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin"
    useAprConnector="true" FIPSMode="on"/>

<Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
    <SSLHostConfig ciphers="TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL" protocols="TLSv1.2">
        <Certificate certificateFile="/usr/share/tomcat/conf/sslserver.crt" certificateKeyFile="/usr/share/tomcat/conf/sslserver.key"/>
    </SSLHostConfig>
</Connector>
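
An added example, not part of the original page or of Tomcat: a Python check that reads a server.xml and reports where an OpenSSL or APR connector departs from the listener and certificate settings shown above. The `audit` function, its finding strings and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
OPENSSL_IMPL = "org.apache.tomcat.util.net.openssl.OpenSSLImplementation"

# Constructed sample: an APR connector whose listener lacks useAprConnector
# and FIPSMode, and whose Certificate has no certificateKeyFile.
SAMPLE = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service>
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol">
      <SSLHostConfig protocols="TLSv1.2">
        <Certificate certificateFile="/usr/share/tomcat/conf/sslserver.crt"/>
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>"""

def audit(xml_text):
    """Return findings for OpenSSL/APR connectors in the given server.xml text."""
    root = ET.fromstring(xml_text)
    # Attributes of the APR lifecycle listener, or {} when it is not configured.
    listener = next((l.attrib for l in root.iter("Listener")
                     if l.get("className") == APR_LISTENER), {})
    findings = []
    for conn in root.iter("Connector"):
        is_apr = conn.get("protocol") == APR_PROTOCOL
        is_openssl = conn.get("sslImplementationName") == OPENSSL_IMPL
        if not (is_apr or is_openssl):
            continue  # plain JSSE connector: no native listener involved
        if listener.get("SSLEngine") != "on":
            findings.append("AprLifecycleListener with SSLEngine=on is missing")
        if not is_apr:
            continue
        if listener.get("useAprConnector") != "true":
            findings.append("listener does not set useAprConnector=true")
        if listener.get("FIPSMode") != "on":
            findings.append("FIPSMode is not on (the page's example enables it)")
        for cert in conn.iter("Certificate"):
            for attr in ("certificateFile", "certificateKeyFile"):
                if not cert.get(attr):
                    findings.append(f"Certificate lacks {attr} (PEM file required)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```
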

JSS Implementation

<Listener className="org.dogtagpki.tomcat.TomcatJSSListener"/>
