Tomcat 8.5 server.xml仅支持“所有主机”的defaulthost的SSLHostConfig;org.apache.coyote.http11.http11aprotocol“;
我正在使用Tomcat 8.5,试图在server.xml中为多个主机配置SSL配置,但我遇到了一个问题,即Openssl协议“org.apache.coyote.http11.Http11AprProtocol”仅尊重defaultSSLHostConfigNameattributes(例如certificateVerification,protocols=“TLSv1.2”),即使对于定义了自己属性的主机也是如此。不过,它会正确地检查证书。 有趣的是,当我使用JSSE协议“org.apache.coyote.http11.Http11NioProtocol”时,它工作得很好,并且尊重相应主机的配置(例如认证、协议)。下面我附上我的server.xml代码Tomcat 8.5 server.xml仅支持“所有主机”的defaulthost的SSLHostConfig;org.apache.coyote.http11.http11aprotocol“;,xml,tomcat,openssl,server.xml,tomcat8.5,Xml,Tomcat,Openssl,Server.xml,Tomcat8.5,我正在使用Tomcat 8.5,试图在server.xml中为多个主机配置SSL配置,但我遇到了一个问题,即Openssl协议“org.apache.coyote.http11.Http11AprProtocol”仅尊重defaultSSLHostConfigNameattributes(例如certificateVerification,protocols=“TLSv1.2”),即使对于定义了自己属性的主机也是如此。不过,它会正确地检查证书。 有趣的是,当我使用JSSE协议“org.apach
<Connector port="8690" protocol="org.apache.coyote.http11.Http11AprProtocol"
maxHttpHeaderSize="1234"
server="aaaa"
SSLEnabled="true" scheme="https" secure="true"
enableLookups="false" disableUploadTimeout="true"
maxThreads="150" minSpareThreads="25"
acceptCount="400" URIEncoding="UTF-8"
defaultSSLHostConfigName="abctest.com">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig
ciphers= ALL:!ADH:!TLSv1:!EXPORT40:!EXP:!LOW
honorCipherOrder="true"
disableCompression="true"
certificateVerification="required"
protocols="TLSv1.2" hostName="test123.com">
<Certificate certificateKeyFile="conf/XYZ-TESTSRV-KEY.crt"
certificateFile="conf/XYZ-TESTSRV.crt"
certificateChainFile="conf/XYZ-TESTSRV-CA.crt"
certificateKeyPassword="somepassword"
type="RSA" />
</SSLHostConfig>
<SSLHostConfig
disableCompression="true"
certificateVerification="optional"
protocols="TLSv1.1" hostName="abctest.com">
<Certificate certificateKeyFile="conf/abc.key"
certificateFile="conf/abc.crt"
certificateKeyPassword="somepassword"
type="RSA" />
</SSLHostConfig>