Author: markt
Date: Fri Oct 16 16:39:21 2015
New Revision: 1709054
URL: http://svn.apache.org/viewvc?rev=1709054&view=rev
Log:
Fill in the 9.0.x migration TODOs
Modified:
tomcat/site/trunk/docs/migration-9.html
tomcat/site/trunk/xdocs/migration-9.xml
Modified: tomcat/site/trunk/docs/migration-9.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-9.html?rev=1709054&r1=1709053&r2=1709054&view=diff
==============================================================================
--- tomcat/site/trunk/docs/migration-9.html (original)
+++ tomcat/site/trunk/docs/migration-9.html Fri Oct 16 16:39:21 2015
@@ -233,7 +233,7 @@
<a href="#HTTP/2_support_added">HTTP/2 support added</a>
</li>
<li>
-<a href="#TLS_virtua_hosting_and_multiple_certificate_support_added">TLS
virtua hosting and multiple certificate support added</a>
+<a href="#TLS_virtual_hosting_and_multiple_certificate_support_added">TLS
virtual hosting and multiple certificate support added</a>
</li>
<li>
<a href="#Internal_APIs">Internal APIs</a>
@@ -394,7 +394,17 @@ of Apache Tomcat.</p>
<div class="text">
-<p>TODO.</p>
+<p>HTTP/2 is supported for h2 (over TLS, negotiated via ALPN) and h2c (clear
+ text, negotiated via HTTP/1.1 upgrade). HTTP/2 needs to be explicitly
+ enabled for a connector. To enable it, insert
+ <div class="codeBox">
+<pre>
+<code><UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
/></code>
+</pre>
+</div>
+ inside the connector for which you wish to enable HTTP/2. Note that to
+ enable HTTP/2 for a secure NIO or NIO2 connector, those connectors must be
+ using the OpenSSL engine for TLS.</p>
</div>
@@ -402,11 +412,51 @@ of Apache Tomcat.</p>
<div class="subsection">
-<h4 id="TLS_virtua_hosting_and_multiple_certificate_support_added">TLS virtua
hosting and multiple certificate support added</h4>
+<h4 id="TLS_virtual_hosting_and_multiple_certificate_support_added">TLS
virtual hosting and multiple certificate support added</h4>
<div class="text">
-<p>TODO.</p>
+<p>Tomcat 9 supports multiple TLS virtual hosts for a single connector with
+ each virtual host able to support multiple certificates. Virtual host
+ definitions are nested inside the Connector element with the default
+ specified using the <strong>sslDefaultHost</strong> attribute on the
+ Connector if more than one virtual host is specified. Certificate
+ definitions are nested inside the virtual host.</p>
+
+
+<p>The following example shows how to use this to configure a single
+ APR/native connector for multiple TLS virtual hosts with each host having
+ both an RSA and EC certificate.
+
+<div class="codeBox">
+<pre>
+<code>
+<Connector port="8443"
+ protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150"
+ SSLEnabled="true"
+ sslDefaultHost="openoffice.apache.org" >
+ <SSLHostConfig hostName="openoffice.apache.org" >
+ <Certificate
certificateKeyFile="conf/openoffice.apache.org-rsa-key.pem"
+ certificateFile="conf/openoffice.apache.org-rsa-cert.pem"
+ type="RSA" />
+ <Certificate
certificateKeyFile="conf/openoffice.apache.org-ec-key.pem"
+ certificateFile="conf/openoffice.apache.org-ec-cert.pem"
+ type="EC" />
+ </SSLHostConfig>
+ <SSLHostConfig hostName="www.openoffice.org" >
+ <Certificate
certificateKeyFile="conf/www.openoffice.org-rsa-key.pem"
+ certificateFile="conf/www.openoffice.org-rsa-cert.pem"
+ type="RSA" />
+ <Certificate certificateKeyFile="conf/www.openoffice.org-ec-key.pem"
+ certificateFile="conf/www.openoffice.org-ec-cert.pem"
+ type="EC" />
+ </SSLHostConfig>
+</Connector>
+</code>
+</pre>
+</div>
+</p>
</div>
Modified: tomcat/site/trunk/xdocs/migration-9.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/migration-9.xml?rev=1709054&r1=1709053&r2=1709054&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/migration-9.xml (original)
+++ tomcat/site/trunk/xdocs/migration-9.xml Fri Oct 16 16:39:21 2015
@@ -101,13 +101,53 @@ of Apache Tomcat.</p>
<subsection name="HTTP/2 support added">
- <p>TODO.</p>
+ <p>HTTP/2 is supported for h2 (over TLS, negotiated via ALPN) and h2c
(clear
+ text, negotiated via HTTP/1.1 upgrade). HTTP/2 needs to be explicitly
+ enabled for a connector. To enable it, insert
+ <source><![CDATA[<UpgradeProtocol
className="org.apache.coyote.http2.Http2Protocol" />]]></source>
+ inside the connector for which you wish to enable HTTP/2. Note that to
+ enable HTTP/2 for a secure NIO or NIO2 connector, those connectors must be
+ using the OpenSSL engine for TLS.</p>
</subsection>
- <subsection name="TLS virtua hosting and multiple certificate support added">
+ <subsection name="TLS virtual hosting and multiple certificate support
added">
- <p>TODO.</p>
+ <p>Tomcat 9 supports multiple TLS virtual hosts for a single connector with
+ each virtual host able to support multiple certificates. Virtual host
+ definitions are nested inside the Connector element with the default
+ specified using the <strong>sslDefaultHost</strong> attribute on the
+ Connector if more than one virtual host is specified. Certificate
+ definitions are nested inside the virtual host.</p>
+
+ <p>The following example shows how to use this to configure a single
+ APR/native connector for multiple TLS virtual hosts with each host having
+ both an RSA and EC certificate.
+
+<source><![CDATA[
+<Connector port="8443"
+ protocol="org.apache.coyote.http11.Http11AprProtocol"
+ maxThreads="150"
+ SSLEnabled="true"
+ sslDefaultHost="openoffice.apache.org" >
+ <SSLHostConfig hostName="openoffice.apache.org" >
+ <Certificate
certificateKeyFile="conf/openoffice.apache.org-rsa-key.pem"
+ certificateFile="conf/openoffice.apache.org-rsa-cert.pem"
+ type="RSA" />
+ <Certificate certificateKeyFile="conf/openoffice.apache.org-ec-key.pem"
+ certificateFile="conf/openoffice.apache.org-ec-cert.pem"
+ type="EC" />
+ </SSLHostConfig>
+ <SSLHostConfig hostName="www.openoffice.org" >
+ <Certificate certificateKeyFile="conf/www.openoffice.org-rsa-key.pem"
+ certificateFile="conf/www.openoffice.org-rsa-cert.pem"
+ type="RSA" />
+ <Certificate certificateKeyFile="conf/www.openoffice.org-ec-key.pem"
+ certificateFile="conf/www.openoffice.org-ec-cert.pem"
+ type="EC" />
+ </SSLHostConfig>
+</Connector>
+]]></source></p>
</subsection>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
