Type: Suggestion
Resolution: Unresolved
Component/s: CWD DoS
Note
Resolving this issue (for both upgrade and fresh install) requires manually updating <confluence_install>/conf/server.xml, as Tomcat 10.x requires a new SSL config element. Please follow the workaround below or refer to the official Tomcat 10.x documentation here
Issue Summary
Crowd 7.x doesn't include the SSLHostConfig parameters by default in the server.xml file, as required by the latest changes in Tomcat 10.
Steps to Reproduce
- Install a Crowd version prior to 7.x
- Run Confluence over HTTPS as per Running Confluence over SSL/HTTPS
- Upgrade Crowd to version 7.x
Expected Results
Crowd should start once the upgrade is completed.
Actual Results
Crowd fails to start, and the application logs show the error below. It indicates that the HTTPS connector in server.xml is missing an SSLHostConfig element or has one that is incorrectly configured.
The following exception is thrown in the crowd.log file:
java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-jsse-nio2-9443]
Workaround
- Stop Crowd
- Take a backup of <crowd_install>/apache-tomcat/conf
- Add SSL config parameters similar to the below and restart Crowd:
<!-- Replace the key alias, keystore path and keystore password with your own values. -->
<Connector port="8443"
           relaxedPathChars="[]|"
           relaxedQueryChars="[]|{}^&#92;&#96;&quot;&lt;&gt;"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxHttpHeaderSize="8192" SSLEnabled="true"
           maxThreads="150" minSpareThreads="25"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           useBodyEncodingForURI="true">
    <SSLHostConfig protocols="TLSv1.2,TLSv1.3" certificateVerification="none">
        <Certificate certificateKeyAlias="KeyAliasName"
                     certificateKeystoreFile="/opt/atlassian/confluence/confluence_home/certs/keystore.jks"
                     certificateKeystorePassword="changeit"
                     certificateKeystoreType="JKS" />
    </SSLHostConfig>
</Connector>
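A pre-upgrade check for the condition behind the exception above, added here as an example (it is not Atlassian's or Tomcat's code): it reports every connector with SSLEnabled="true" that has no SSLHostConfig child matching its default host name, and lists older connector-level keystore attributes that belong on the Certificate element. The function name and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Older Connector-level attribute -> its equivalent on the Certificate element.
LEGACY_TO_NEW = {
    "keystoreFile": "certificateKeystoreFile",
    "keystorePass": "certificateKeystorePassword",
    "keystoreType": "certificateKeystoreType",
    "keyAlias": "certificateKeyAlias",
}

# Constructed sample: pre-upgrade style HTTPS connector, no SSLHostConfig child.
LEGACY = """<Server><Service name="Catalina">
  <Connector port="8095" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/path/to/keystore.jks" keystorePass="changeit"/>
</Service></Server>"""

# Constructed sample: the same connector in the form the workaround uses.
FIXED = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true">
    <SSLHostConfig protocols="TLSv1.2,TLSv1.3" certificateVerification="none">
      <Certificate certificateKeystoreFile="/path/to/keystore.jks"
                   certificateKeystorePassword="changeit"
                   certificateKeystoreType="JKS"/>
    </SSLHostConfig>
  </Connector>
</Service></Server>"""


def check_connectors(server_xml_text):
    """Return (port, message) findings for TLS connectors lacking a usable SSLHostConfig."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, not affected
        port = conn.get("port", "?")
        wanted = conn.get("defaultSSLHostConfigName", "_default_").lower()
        names = [h.get("hostName", "_default_").lower()
                 for h in conn.findall("SSLHostConfig")]
        if wanted not in names:
            findings.append((port, "no SSLHostConfig with hostName [%s]" % wanted))
        for old, new in LEGACY_TO_NEW.items():
            if old in conn.attrib:  # report the attribute name only, never its value
                findings.append((port, "move %s to Certificate %s" % (old, new)))
    return findings


if __name__ == "__main__":
    for port, msg in check_connectors(LEGACY):
        print("connector %s: %s" % (port, msg))
```

To check a real installation, pass the contents of <crowd_install>/apache-tomcat/conf/server.xml to check_connectors before upgrading; an empty result means every TLS connector already carries a matching SSLHostConfig.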