CONFSERVER-13987

Confluence 2.10 Standalone Default SSL Implementation Not Compatible With Tomcat 6


Details

    Description

      I was working on upgrading my Confluence development server from version 2.9.2 to 2.10 when I ran into the following problem.

      My Confluence 2.9.2 instance (and 2.8 before that) ran over regular http and over https without any trouble. However, after installing 2.10, I was no longer able to connect to Confluence via https. After examining the catalina.out file, I saw that the listener and connector as specified in my server.xml file had opened the proper ports:

      Dec 5, 2008 2:41:30 PM org.apache.coyote.http11.Http11Protocol init
      INFO: Initializing Coyote HTTP/1.1 on http-8090
      Dec 5, 2008 2:41:30 PM org.apache.coyote.http11.Http11Protocol init
      INFO: Initializing Coyote HTTP/1.1 on http-8453

      However, when I would try to connect to Confluence via https on port 8453, the browser would show evidence that it had connected and was waiting for a response. It would eventually time out. I attempted to debug this using the following openssl command:

      openssl s_client -connect confluencedev:8453

      This command would respond with a "CONNECT" message, and then after some time it would time out with an SSL Handshake error.

      I did not change the locations of any keystores, and the configuration matched my Confluence 2.9.2 configuration.

      Looking through the Tomcat 6 documentation, I noticed that there is a parameter that has been added since Tomcat 5.5, SSLEnabled. This parameter by default is set to "false." The https connector section in the server.xml file was missing the "SSLEnabled" parameter. In order to make SSL work, that parameter needs to be included and set to "true." I changed my connector to this:

      <Connector port="8453" maxHttpHeaderSize="8192"
      maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
      enableLookups="false" disableUploadTimeout="true"
      acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
      clientAuth="false" sslProtocol="TLS"
      URIEncoding="UTF-8" keystorePass="blah" />

      After making that change, Confluence 2.10 now works over https on port 8453. It would be great if this change could be included in the Confluence documentation or if the SSLEnabled parameter could be included in the https connector in the default server.xml file.

      -Nick
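
A check for the condition this report describes, added here as an example (it is not part of the original issue and is not Atlassian or Tomcat code): it parses a server.xml and flags connectors that declare scheme="https" or secure="true" without SSLEnabled="true". The sample file, its ports other than 8090 and 8453, the proxy host name and the function names are constructed, and treating proxyName/proxyPort as a sign that TLS is terminated upstream is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: port 8453 mirrors the pre-fix connector from the report
# (no SSLEnabled), port 8454 mirrors the fixed one, port 8455 sits behind a proxy.
SAMPLE_SERVER_XML = """
<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" maxThreads="150" URIEncoding="UTF-8" />
    <Connector port="8453" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystorePass="changeit" />
    <Connector port="8454" scheme="https" secure="true" SSLEnabled="true"
               clientAuth="false" sslProtocol="TLS" keystorePass="changeit" />
    <Connector port="8455" scheme="https" secure="true"
               proxyName="wiki.example.test" proxyPort="443" />
  </Service>
</Server>
"""


def is_true(value):
    """Treat a missing attribute as false, which is the Tomcat 6 default for SSLEnabled."""
    return (value or "").strip().lower() == "true"


def audit_connectors(server_xml):
    """Return {port: status} for every <Connector> in a Tomcat server.xml."""
    results = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        # scheme/secure only change what the webapp is told about the request;
        # they do not turn on TLS for the socket.
        claims_https = (conn.get("scheme", "http").lower() == "https"
                        or is_true(conn.get("secure")))
        if is_true(conn.get("SSLEnabled")):
            results[port] = "tls"
        elif not claims_https:
            results[port] = "plain"
        elif conn.get("proxyName") or conn.get("proxyPort"):
            # Assumption: proxy attributes mean TLS is terminated in front of Tomcat.
            results[port] = "review: https claimed, TLS presumably terminated upstream"
        else:
            results[port] = "broken: https claimed but SSLEnabled is not true"
    return results


if __name__ == "__main__":
    for port, status in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, status)
```

Running the same function over every server.xml carried through a Tomcat 5.5 to 6 upgrade surfaces connectors that would otherwise fail only at handshake time.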

          People

            cmiller CharlesA
            0f9bf56823f9 Nicholas Mucci