Uploaded image for project: 'JIRA (including JIRA Core)'
  1. JIRA (including JIRA Core)
  2. JRA-24488

Change of Tomcat binary package for Windows breaks HTTPS

    Details

      Description

      As of JIRA 4.3.1 we are upgrading Tomcat to 6.0.32. In the same time we seem to change Tomcat's binary package for Windows from apache-tomcat-6.0.20.zip to apache-tomcat-6.0.32-windows-x86.zip.

      https://maven.atlassian.com/content/groups/internal/org/apache/tomcat/apache-tomcat/6.0.32/
      http://archive.apache.org/dist/tomcat/tomcat-6/v6.0.32/bin/

      This change introduce requirement for new way of configuring of HTTPS as Tomcat uses Apache Portable Runtime (APR) based Native library for Tomcat.

      Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets).

      These features allows making Tomcat a general purpose webserver, will enable much better integration with other native web technologies, and overall make Java much more viable as a full fledged webserver platform rather than simply a backend focused technology.

      If this is intended change we should alter our docs to indicate and warn users. Pages such as release notes and Running JIRA over SSL or HTTPS are just two possible candidates for the update.

      As of JIRA 4.3.1 the HTTPS connector needs to be configured in a completely different way with help of OpenSSL:

      <Connector port="443" maxHttpHeaderSize="8192"
                     maxThreads="150"
                     enableLookups="false" disableUploadTimeout="true"
                     acceptCount="100" scheme="https" secure="true"
                     SSLEnabled="true" 
                     SSLCertificateFile="${catalina.base}/conf/localhost.crt"
                     SSLCertificateKeyFile="${catalina.base}/conf/localhost.key" />
      

      http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS
      http://mircwiki.rsna.org/index.php?title=Configuring_Tomcat_to_Support_SSL

      Moreover, we need to ensure that we are consistent across the boarder and JIRA's Linux distribution also uses Apache Tomcat Native.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                pleschev Peter Leschev
                Reporter:
                bdziedzic Bogdan Dziedzic [Atlassian]
              • Votes:
                2 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: