Missing ServerSocketFactory in tomcat 8.5.x onwards (checked in 8.5.58)

George Thomas
As per the below link

https://github.com/spring-projects/spring-boot/issues/6164, the following
features are removed from tomcat 8.5

a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists

b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists

c) Method JSSEImplementation.getServerSocketFactory(AbstractEndpoint) no
longer exists

d) Method JSSEImplementation.getSSLUtil(AbstractEndpoint) no longer exists

These make our upgrade from tomcat 8.0 to tomcat 8.5.x challenging.

We have two requirements

   1. Tomcat AJP protocol receives encrypted content coming from the HTTP
   server and gives an encrypted response. (In the HTTP server we have the
   functionality to encrypt using OpenSSL.) In tomcat versions prior to 8.5,
   it was possible to extend using custom classes that implement tomcat's
   ServerSocketFactory interface.
   2. Store certificates file for tomcat https in a custom keystore (an XML
   file)

How can these be achieved in tomcat 8.5? Any suggestions are appreciated.
Re: Missing ServerSocketFactory in tomcat 8.5.x onwards (checked in 8.5.58)

Mark Thomas-2
On 10/02/2021 12:09, George Thomas wrote:

> As per the below link
>
> https://github.com/spring-projects/spring-boot/issues/6164, the following
> features are removed from tomcat 8.5
>
> a) Class org.apache.tomcat.util.net.ServerSocketFactory no longer exists
>
> b) Class org.apache.tomcat.util.net.jsse.JSSESocketFactory no longer exists
>
> c) Method JSSEImplementation.getServerSocketFactory(AbstractEndpoint) no
> longer exists
>
> d) Method JSSEImplementation.getSSLUtil(AbstractEndpoint) no longer exists
>
> These make our upgrade from tomcat 8.0 to tomcat 8.5.x challenging.
>
> We have two requirements
>
>    1. Tomcat AJP protocol receives encrypted content coming from the HTTP
>    server and gives an encrypted response. (In the HTTP server we have the
>    functionality to encrypt using OpenSSL.) In tomcat versions prior to 8.5,
>    it was possible to extend using custom classes that implement tomcat's
>    ServerSocketFactory interface.
>    2. Store certificates file for tomcat https in a custom keystore (an XML
>    file)
>
> How can these be achieved in tomcat 8.5? Any suggestions are appreciated.

The cleanest solution is likely to be switching from AJP to HTTPS.

If you *really* want to continue down the AJP over TLS route then
something like:
- set SSLEnabled="true" on the AJP Connector
- you'll need a custom AJP protocol implementation that extends
  AjpNioProtocol and provides proper implementations of addSslHostConfig
  and findSslHostConfigs

should get you an AJP connector running over TLS.

If the custom KeyStore has been implemented via the standard KeyStore
SPI it should 'just work'. If it doesn't use the SPI then you'll need to
create a custom SSLImplementation (probably extending
JSSEImplementation) and then set the sslImplementationName attribute on
the Connector.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
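
The two routes described in the reply above, sketched as a Tomcat 8.5 `conf/server.xml` fragment. This is an added example, not configuration from the thread or from the Tomcat project; the class names, the `XMLKS` keystore type, the `XmlKS` provider name, ports, paths, alias and password are hypothetical placeholders.

```xml
<!-- Added example. All class names, XMLKS / XmlKS, ports, paths and the password are placeholders. -->

<!-- Tomcat 8.0 set-up being replaced: back-end link to the HTTP server is an AJP connector.
<Connector port="8009" protocol="AJP/1.3" />
-->

<!-- Option A, "switching from AJP to HTTPS": the front-end HTTP server proxies to this
     port over TLS instead of speaking AJP. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- Custom keystore implemented through the standard KeyStore SPI: name its type and
         provider here. The provider must be registered with the JVM before the Connector
         starts. If the store does not go through the SPI, drop the type and provider
         attributes and set sslImplementationName on the Connector to a custom
         SSLImplementation, e.g. com.example.XmlStoreSslImplementation (hypothetical). -->
    <Certificate certificateKeystoreFile="conf/keystore.xml"
                 certificateKeystoreType="XMLKS"
                 certificateKeystoreProvider="XmlKS"
                 certificateKeystorePassword="CHANGE_ME"
                 certificateKeyAlias="tomcat" />
  </SSLHostConfig>
</Connector>

<!-- Option B, AJP over TLS: protocol names a hypothetical subclass of AjpNioProtocol that
     provides working addSslHostConfig and findSslHostConfigs implementations, so the
     SSLHostConfig below is actually applied to the AJP endpoint. -->
<Connector port="8009" protocol="com.example.TlsAjpNioProtocol" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="conf/keystore.xml"
                 certificateKeystoreType="XMLKS"
                 certificateKeystoreProvider="XmlKS"
                 certificateKeystorePassword="CHANGE_ME"
                 certificateKeyAlias="tomcat" />
  </SSLHostConfig>
</Connector>
```

With option B the front-end HTTP server must also speak TLS on its AJP link, so both ends of the connection change either way.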

Re: Missing ServerSocketFactory in tomcat 8.5.x onwards (checked in 8.5.58)

George Thomas
Thanks, Mark, for the reply. In our case, we may have to stick with AJP.
However, I have not understood the https way.
Are you suggesting listening on an https port in place of the AJP port and using a
different connector implementation at the HTTP Server?

Re: Missing ServerSocketFactory in tomcat 8.5.x onwards (checked in 8.5.58)

Mark Thomas-2
On 10/02/2021 17:11, George Thomas wrote:
> Thanks, Mark, for the reply. In our case, we may have to stick with AJP.
> However, I have not understood the https way.
> Are you suggesting listening on an https port in place of the AJP port and using a
> different connector implementation at the HTTP Server?

Yes.

Mark



Re: Missing ServerSocketFactory in tomcat 8.5.x onwards (checked in 8.5.58)

George Thomas
Thanks for the clarification.
