As per the below link

https://github.com/spring-projects/spring-boot/issues/6164, the following features are removed from tomcat 8.5

a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists

b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists

c) Method JSSEImplementation.getServerSocketFactory(AbstractEndpoint) no longer exists

d) Method JSSEImplementation.getSSLUtil(AbstractEndpoint) no longer exists

These make our upgrade from tomcat 8.0 to tomcat 8.5.x challenging.

We have two requirements

1. Tomcat AJP protocol receives encrypted content coming from the HTTP server and gives an encrypted response. (In HTTP server we have the functionality to encrypt using OpenSSL). In tomcat versions prior to 8.5, it was possible to extend using custom classes that implement tomcat's ServerSocketFactory interface.
2. Store certificates file for tomcat https in a custom keystore (an XML file)

How can these be achieved in tomcat 8.5? Any suggestions are appreciated.

On 10/02/2021 12:09, George Thomas wrote:
> As per the below link
>
> https://github.com/spring-projects/spring-boot/issues/6164, the following
> features are removed from tomcat 8.5
>
> a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists
>
> b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists
>
> c) Method JSSEImplementation.getServerSocketFactory(AbstractEndpoint) no
> longer exists
>
> d) Method JSSEImplementation.getSSLUtil(AbstractEndpoint) no longer exists
>
> These make our upgrade from tomcat 8.0 to tomcat 8.5.x challenging.
>
> We have two requirements
>
> 1. Tomcat AJP protocol receives encrypted content coming from the HTTP
> server and gives an encrypted response. (In HTTP server we have the
> functionality to encrypt using OpenSSL). In tomcat versions prior to 8.5,
> it was possible to extend using custom classes that implement tomcat's
> ServerSocketFactory interface.
> 2. Store certificates file for tomcat https in a custom keystore (an XML
> file)
>
> How can these be achieved in tomcat 8.5? Any suggestions are appreciated.

The cleanest solution is likely to be switching from AJP to HTTPS.

If you *really* want to continue down the AJP over TLS route then something like:
- set SSLEnabled="true" on the AJP Connector
- you'll need a custom AJP protocol implementation that extends AjpNioProtocol and provides proper implementations of addSslHostConfig and findSslHostConfigs

should get you an AJP connector running over TLS.

If the custom KeyStore has been implemented via the standard KeyStore SPI it should 'just work'. If it doesn't use the SPI then you'll need to create a custom SSLImplementation (probably extending JSSEImplementation) and then set the sslImplementationName attribute on the Connector.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

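The custom protocol class described in the reply above could look like the following. This is an added example, not code from the thread or from the Tomcat project: the package and class names are hypothetical, and it assumes Tomcat 8.5's protected `getEndpoint()` accessor on the protocol handler and the endpoint's public `addSslHostConfig` / `findSslHostConfigs` methods. The keystore path and password in the connector comment are placeholders.

```java
package com.example.ajp; // hypothetical package name

import org.apache.coyote.ajp.AjpNioProtocol;
import org.apache.tomcat.util.net.SSLHostConfig;

/**
 * AJP/NIO protocol handler that passes TLS host configuration through to
 * its endpoint, so that SSLEnabled="true" on the Connector has certificate
 * material to work with. The overrides exist because the reply above asks
 * for "proper implementations" of these two methods on the AJP protocol.
 *
 * Connector for server.xml (port, keystore path and password are
 * placeholders, not values from the thread):
 *
 *   <Connector protocol="com.example.ajp.TlsAjpNioProtocol"
 *              port="8009" SSLEnabled="true">
 *     <SSLHostConfig>
 *       <Certificate certificateKeystoreFile="conf/PLACEHOLDER-keystore"
 *                    certificateKeystorePassword="PLACEHOLDER" />
 *     </SSLHostConfig>
 *   </Connector>
 *
 * The front-end HTTP server must then open a TLS connection to this port
 * and validate the certificate it is presented with; a plain AJP client
 * will fail the handshake.
 */
public class TlsAjpNioProtocol extends AjpNioProtocol {

    @Override
    public void addSslHostConfig(SSLHostConfig sslHostConfig) {
        // Invoked by the Connector for each nested <SSLHostConfig> element.
        // Register it with the endpoint that performs the TLS handshake.
        getEndpoint().addSslHostConfig(sslHostConfig);
    }

    @Override
    public SSLHostConfig[] findSslHostConfigs() {
        // Report what the endpoint actually holds, so configuration dumps
        // and JMX views reflect the certificates in use.
        return getEndpoint().findSslHostConfigs();
    }
}
```

Compile this against the Tomcat 8.5 jars and place the resulting jar in Tomcat's `lib` directory so the Connector can load the class by name.
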
Thanks, Mark for the reply. In our case, we may have to stick with AJP ..
However, I have not understood https way.
Are you suggesting to listen to https port in place of AJP port and use a different connector implementation at HTTP Server?

On 10/02/2021 17:11, George Thomas wrote:
> Thanks, Mark for the reply. In our case, we may have to stick with AJP ..
> However, I have not understood https way.
> Are you suggesting to listen to https port in place of AJP port and use a
> different connector implementation at HTTP Server?

Yes.

Mark

Thanks for the clarification.