问题
I have to debug a SSL Handshake on Tomcat (OS: MS Windows), so I followed the instructions found in the web an enabled it with the following line in setenv.bat:
set "JAVA_OPTS=%JAVA_OPTS% -Djavax.net.debug=ssl"
With Apache Tomcat/9.0.0.M21 everything works fine, when I opened the page with my browser I can see the handshake on the commandline.
With Apache Tomcat/9.0.0.M22 I only can see which certificates are beeing loaded on startup but after then when I call the server via browser no more output is generated on the commandline.
The only difference I could find out is that the Protocolhandler is different between those versions:
- Apache Tomcat/9.0.0.M21 uses ProtocolHandler ["https-jsse-nio-8083"]
- Apache Tomcat/9.0.0.M22 uses ProtocolHandler ["https-openssl-nio-8083"]
Is there anything I have to do additional to enable ssl handshake-debugging?
This is my Connector configured in server.xml:
<Connector port="8083" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="<Path to Keystore>"
keystorePass="<KeystorePW>" />
回答1:
Try forcing JSSE use by adding sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation" in your Connector . For any reason it's detecting APR and trying to use OpenSSL which is not working. You might fill a bug or ask the Tomcat users mailing-list, but 9.0.0 was a development release.
来源:https://stackoverflow.com/questions/48679472/ssl-handshake-debugging-not-working-any-more-with-apache-tomcat-9-0-0-m22