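I am using Tomcat 8.5 and trying to configure SSL for multiple hosts in server.xml, but I ran into a problem: the OpenSSL protocol "org.apache.coyote.http11.Http11AprProtocol" only respects the attributes of the defaultSSLHostConfigName host (e.g. certificateVerification, protocols="TLSv1.2"), even for hosts that define their own attributes. It does check the certificate correctly. Interestingly, when I use the JSSE protocol "org.apache.coyote.http11.Http11NioProtocol", it works fine and respects the configuration of the corresponding host (e.g. certificateVerification, protocols). My server.xml code is attached below.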
<Connector port="8690" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxHttpHeaderSize="1234"
           server="aaaa"
           SSLEnabled="true" scheme="https" secure="true"
           enableLookups="false" disableUploadTimeout="true"
           maxThreads="150" minSpareThreads="25"
           acceptCount="400" URIEncoding="UTF-8"
           defaultSSLHostConfigName="abctest.com">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <!-- Non-default SNI host with its own TLS settings -->
    <SSLHostConfig
        ciphers="ALL:!ADH:!TLSv1:!EXPORT40:!EXP:!LOW"
        honorCipherOrder="true"
        disableCompression="true"
        certificateVerification="required"
        protocols="TLSv1.2" hostName="test123.com">
        <Certificate certificateKeyFile="conf/XYZ-TESTSRV-KEY.crt"
                     certificateFile="conf/XYZ-TESTSRV.crt"
                     certificateChainFile="conf/XYZ-TESTSRV-CA.crt"
                     certificateKeyPassword="somepassword"
                     type="RSA" />
    </SSLHostConfig>
    <!-- Default host: hostName matches defaultSSLHostConfigName -->
    <SSLHostConfig
        disableCompression="true"
        certificateVerification="optional"
        protocols="TLSv1.1" hostName="abctest.com">
        <Certificate certificateKeyFile="conf/abc.key"
                     certificateFile="conf/abc.crt"
                     certificateKeyPassword="somepassword"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
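So, for the above XML, with "org.apache.coyote.http11.Http11AprProtocol", only the attributes of abctest.com (the defaultSSLHostConfigName) (certificateVerification, protocols="TLSv1.2") are applied to all hosts. If I use "org.apache.coyote.http11.Http11NioProtocol", the attributes are applied according to the corresponding host, but that does not meet my requirements. Is this an issue with Http11AprProtocol? Thanks in advance.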
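
An added example, not part of the original post and not Tomcat code: a small audit script that parses a connector like the one above and lists, for each non-default host, the TLS attributes that differ from the default host's, that is, the settings that would be silently replaced if the connector behaves as the question describes. The sample XML is constructed from the question's configuration with the certificates omitted; the function name `divergent_hosts` and the list of compared attributes are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector in the question (certificates omitted).
SAMPLE = """
<Connector port="8690" protocol="org.apache.coyote.http11.Http11AprProtocol"
           SSLEnabled="true" defaultSSLHostConfigName="abctest.com">
  <SSLHostConfig hostName="test123.com" certificateVerification="required"
                 protocols="TLSv1.2" honorCipherOrder="true" disableCompression="true"/>
  <SSLHostConfig hostName="abctest.com" certificateVerification="optional"
                 protocols="TLSv1.1" disableCompression="true"/>
</Connector>
"""

# Attributes compared (an assumption); the question names the first two explicitly.
CHECKED = ("certificateVerification", "protocols", "ciphers", "honorCipherOrder")

def divergent_hosts(connector_xml, checked=CHECKED):
    """Return {hostName: {attr: (host_value, default_value)}} for every
    SSLHostConfig whose checked attributes differ from the default host's."""
    conn = ET.fromstring(connector_xml)
    # Tomcat documents "_default_" as the fallback for both names.
    default_name = conn.get("defaultSSLHostConfigName", "_default_").lower()
    hosts = {h.get("hostName", "_default_").lower(): h
             for h in conn.findall("SSLHostConfig")}
    if default_name not in hosts:
        raise ValueError(f"no SSLHostConfig for default host {default_name!r}")
    default = hosts[default_name]
    report = {}
    for name, host in hosts.items():
        if name == default_name:
            continue
        # A missing attribute shows up as None on that side of the pair.
        diffs = {a: (host.get(a), default.get(a))
                 for a in checked if host.get(a) != default.get(a)}
        if diffs:
            report[name] = diffs
    return report

if __name__ == "__main__":
    for host, diffs in divergent_hosts(SAMPLE).items():
        for attr, (own, dflt) in diffs.items():
            print(f"{host}: {attr}={own!r} differs from default host ({dflt!r})")
```

Each reported host is one to verify with a real handshake against its SNI name, since a stricter per-host setting such as certificateVerification="required" is exactly what would be lost if only the default host's attributes apply.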