SSL握手调试无法再与Apache Tomcat / 9.0.0.M22一起使用 [英] SSL Handshake Debugging not working any more with Apache Tomcat/9.0.0.M22
问题描述
我必须在Tomcat(操作系统:MS Windows)上调试SSL握手,因此我遵循了在Web上找到的说明,并在setenv.bat中启用了以下行:
I have to debug a SSL Handshake on Tomcat (OS: MS Windows), so I followed the instructions found in the web an enabled it with the following line in setenv.bat:
设置 JAVA_OPTS =%JAVA_OPTS%-Djavax.net.debug = ssl
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.debug=ssl"
使用Apache Tomcat / 9.0.0.M21一切正常,当我用浏览器打开页面时,可以在命令行上看到握手。
With Apache Tomcat/9.0.0.M21 everything works fine, when I opened the page with my browser I can see the handshake on the commandline.
使用Apache Tomcat / 9.0.0.M22我只能看到启动时正在加载哪些证书,但是之后,当我通过浏览器调用服务器时,命令行上不再生成任何输出。
With Apache Tomcat/9.0.0.M22 I only can see which certificates are beeing loaded on startup but after then when I call the server via browser no more output is generated on the commandline.
我可以发现的唯一区别是这些版本之间的协议处理程序不同:
The only difference I could find out is that the Protocolhandler is different between those versions:
- Apache Tomcat / 9.0.0.M21使用ProtocolHandler [ https-jsse-nio-8083]
- Apache Tomcat / 9.0.0.M22使用ProtocolHandler [ https-openssl-nio-8083]
我需要添加什么吗?要启用ssl握手调试功能吗?
Is there anything I have to do additional to enable ssl handshake-debugging?
这是我在server.xml中配置的连接器:
This is my Connector configured in server.xml:
<Connector port="8083" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="<Path to Keystore>"
keystorePass="<KeystorePW>" />
推荐答案
尝试通过添加
Try forcing JSSE use by adding sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" in your Connector . For any reason it's detecting APR and trying to use OpenSSL which is not working. You might fill a bug or ask the Tomcat users mailing-list, but 9.0.0 was a development release.
这篇关于SSL握手调试无法再与Apache Tomcat / 9.0.0.M22一起使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
