2016-01-23 20:02 GMT+01:00 Martin Grigorov <mgrigo...@apache.org>:
> Hi Rémy,
> What changes I should apply to be able to test HTTP2 ?
> I've changed the protocol:
> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> maxThreads="150" SSLEnabled="true" >
> <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"
> />
> <SSLHostConfig honorCipherOrder="false" >
> <Certificate certificateKeyFile="/tmp/tc9.0.1/private-key.pem"
> certificateFile="/tmp/tc9.0.1/cert.pem"
> type="RSA" />
> </SSLHostConfig>
> </Connector>
>
> and created ~/.keystore.
> Now I can start Tomcat and test my apps successfully with HTTP 1.1.
> The "Server" response header is "Apache-Coyote/1.1". And my plugin for
> Google Chrome says that SPDY/HTTP2 is not enabled.
>
> So I'm using:
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" aprPreferred="false" />
This tells the listener to not use the APR connector even if APR is present.
And a connector like:
<Connector port="8446" protocol="HTTP/1.1"
SSLEnabled="true" scheme="https" secure="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>
This will use NIO + OpenSSL. You don't have to use a keystore, you can
replace it with your certificateKeyFile="/tmp/tc9.0.1/private-key.pem"
certificateFile="/tmp/tc9.0.1/cert.pem"
To use other combinations and force OpenSSL, you can use
sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
on the Connector element.
Rémy
