Gitiles
Code Review Sign In
source.supwisdom.com / UniIdentify / tomcat / fd5ee81fec460cbe9ad65f300b0faf1bf03c19bc / . / tomcat-uidm / webapps / docs / config / http.html
blob: c5b88c0292857a9292a432e38c2ec12a9da3a30f [file] [log] [blame]
Hongqing Liufd5ee812014-05-10 16:32:51 +0800[diff] [blame^]1<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat Configuration Reference (6.0.39) - The HTTP Connector</title><meta name="author" content="Craig R. McClanahan"><meta name="author" content="Yoav Shapira"><style type="text/css" media="print">
2 .noPrint {display: none;}
3 td#mainBody {width: 100%;}
4 </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="../images/tomcat.gif" align="right" alt="
5 The Apache Tomcat Servlet/JSP Container
6 " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 6.0</font></h1><font face="arial,helvetica,sanserif">Version 6.0.39, Jan 27 2014</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="../images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap="nowrap" class="noPrint"><p><strong>Links</strong></p><ul><li><a href="../index.html">Docs Home</a></li><li><a href="index.html">Config Ref. Home</a></li></ul><p><strong>Top Level Elements</strong></p><ul><li><a href="server.html">Server</a></li><li><a href="service.html">Service</a></li></ul><p><strong>Executors</strong></p><ul><li><a href="executor.html">Executor</a></li></ul><p><strong>Connectors</strong></p><ul><li><a href="http.html">HTTP</a></li><li><a href="ajp.html">AJP</a></li></ul><p><strong>Containers</strong></p><ul><li><a href="context.html">Context</a></li><li><a href="engine.html">Engine</a></li><li><a href="host.html">Host</a></li><li><a href="cluster.html">Cluster</a></li></ul><p><strong>Nested Components</strong></p><ul><li><a href="globalresources.html">Global Resources</a></li><li><a href="listeners.html">Listeners</a></li><li><a href="loader.html">Loader</a></li><li><a href="manager.html">Manager</a></li><li><a href="realm.html">Realm</a></li><li><a href="resources.html">Resources</a></li><li><a href="valve.html">Valve</a></li></ul><p><strong>Cluster Elements</strong></p><ul><li><a href="cluster.html">Cluster</a></li><li><a href="cluster-manager.html">Manager</a></li><li><a href="cluster-channel.html">Channel</a></li><li><a href="cluster-membership.html">Channel/Membership</a></li><li><a href="cluster-sender.html">Channel/Sender</a></li><li><a href="cluster-receiver.html">Channel/Receiver</a></li><li><a href="cluster-interceptor.html">Channel/Interceptor</a></li><li><a href="cluster-valve.html">Valve</a></li><li><a href="cluster-deployer.html">Deployer</a></li><li><a href="cluster-listener.html">ClusterListener</a></li></ul><p><strong>Other</strong></p><ul><li><a href="filter.html">Filter</a></li><li><a href="systemprops.html">System properties</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Apache Tomcat Configuration Reference</h1><h2>The HTTP Connector</h2><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
7<ul><li><a href="#Introduction">Introduction</a></li><li><a href="#Attributes">Attributes</a><ol><li><a href="#Common_Attributes">Common Attributes</a></li><li><a href="#Standard_Implementation">Standard Implementation</a></li><li><a href="#Nio_Implementation">Nio Implementation</a></li></ol></li><li><a href="#Nested_Components">Nested Components</a></li><li><a href="#Special_Features">Special Features</a><ol><li><a href="#HTTP/1.1_and_HTTP/1.0_Support">HTTP/1.1 and HTTP/1.0 Support</a></li><li><a href="#Proxy_Support">Proxy Support</a></li><li><a href="#SSL_Support">SSL Support</a></li><li><a href="#Connector_Comparison">Connector Comparison</a></li></ol></li></ul>
8</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Introduction"><strong>Introduction</strong></a></font></td></tr><tr><td><blockquote>
9
10 <p>The <strong>HTTP Connector</strong> element represents a
11 <strong>Connector</strong> component that supports the HTTP/1.1 protocol.
12 It enables Catalina to function as a stand-alone web server, in addition
13 to its ability to execute servlets and JSP pages. A particular instance
14 of this component listens for connections on a specific TCP port number
15 on the server. One or more such <strong>Connectors</strong> can be
16 configured as part of a single <a href="service.html">Service</a>, each
17 forwarding to the associated <a href="engine.html">Engine</a> to perform
18 request processing and create the response.</p>
19
20 <p>If you wish to configure the <strong>Connector</strong> that is used
21 for connections to web servers using the AJP protocol (such as the
22 <code>mod_jk 1.2.x</code> connector for Apache 1.3), see
23 <a href="ajp.html">here</a> instead.</p>
24
25 <p>Each incoming request requires
26 a thread for the duration of that request. If more simultaneous requests
27 are received than can be handled by the currently available request
28 processing threads, additional threads will be created up to the
29 configured maximum (the value of the <code>maxThreads</code> attribute).
30 If still more simultaneous requests are received, they are stacked up
31 inside the server socket created by the <strong>Connector</strong>, up to
32 the configured maximum (the value of the <code>acceptCount</code>
33 attribute). Any further simultaneous requests will receive "connection
34 refused" errors, until resources are available to process them.</p>
35
36</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Attributes"><strong>Attributes</strong></a></font></td></tr><tr><td><blockquote>
37
38 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Common Attributes"><!--()--></a><a name="Common_Attributes"><strong>Common Attributes</strong></a></font></td></tr><tr><td><blockquote>
39
40 <p>All implementations of <strong>Connector</strong>
41 support the following attributes:</p>
42
43 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>allowTrace</code></td><td align="left" valign="center">
44 <p>A boolean value which can be used to enable or disable the TRACE
45 HTTP method. If not specified, this attribute is set to false.</p>
46 </td></tr><tr><td align="left" valign="center"><code>emptySessionPath</code></td><td align="left" valign="center">
47 <p>If set to <code>true</code>, all paths for session cookies will be set
48 to <code>/</code>. This can be useful for portlet specification implementations.
49 If not specified, this attribute is set to <code>false</code>.<br>
50 A side effect to setting this to true, is that if Tomcat creates a new session it will attempt to use the
51 cookie session id if supplied by the client.<br>
52 <a href="http://svn.apache.org/viewvc/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/connector/Request.java?diff_format=h&view=log#rev303682">SVN check in</a><br>
53 <a href="http://tomcat.markmail.org/search/?q=emptysessionpath%20reuse#query:emptysessionpath%20reuse%20date%3A200502%20+page:1+mid:2bocwjhn3cczsoii+state:results">Dev discussion</a><br>
54 <a href="https://issues.apache.org/bugzilla/show_bug.cgi?id=47298">Work around</a>
55 </p>
56 </td></tr><tr><td align="left" valign="center"><code>enableLookups</code></td><td align="left" valign="center">
57 <p>Set to <code>true</code> if you want calls to
58 <code>request.getRemoteHost()</code> to perform DNS lookups in
59 order to return the actual host name of the remote client. Set
60 to <code>false</code> to skip the DNS lookup and return the IP
61 address in String form instead (thereby improving performance).
62 By default, DNS lookups are disabled.</p>
63 </td></tr><tr><td align="left" valign="center"><code>maxHeaderCount</code></td><td align="left" valign="center">
64 <p>The maximum number of headers in a request that are allowed by the
65 container. A request that contains more headers than the specified limit
66 will be rejected. A value of less than 0 means no limit.
67 If not specified, a default of 100 is used.</p>
68 </td></tr><tr><td align="left" valign="center"><code>maxParameterCount</code></td><td align="left" valign="center">
69 <p>The maximum number of parameters (GET plus POST) which will be
70 automatically parsed by the container. A value of less than 0 means no
71 limit. If not specified, a default of 10000 is used. Note that
72 <code>FailedRequestFilter</code> <a href="filter.html">filter</a> can be
73 used to reject requests that hit the limit.</p>
74 </td></tr><tr><td align="left" valign="center"><code>maxPostSize</code></td><td align="left" valign="center">
75 <p>The maximum size in bytes of the POST which will be handled by
76 the container FORM URL parameter parsing. The limit can be disabled by
77 setting this attribute to a value less than or equal to 0.
78 If not specified, this attribute is set to 2097152 (2 megabytes).</p>
79 </td></tr><tr><td align="left" valign="center"><code>maxSavePostSize</code></td><td align="left" valign="center">
80 <p>The maximum size in bytes of the POST which will be saved/buffered by
81 the container during FORM or CLIENT-CERT authentication. For both types
82 of authentication, the POST will be saved/buffered before the user is
83 authenticated. For CLIENT-CERT authentication, the POST is buffered for
84 the duration of the SSL handshake and the buffer emptied when the request
85 is processed. For FORM authentication the POST is saved whilst the user
86 is re-directed to the login form and is retained until the user
87 successfully authenticates or the session associated with the
88 authentication request expires. The limit can be disabled by setting this
89 attribute to -1. Setting the attribute to zero will disable the saving of
90 POST data during authentication. If not specified, this attribute is set
91 to 4096 (4 kilobytes).</p>
92 </td></tr><tr><td align="left" valign="center"><code>parseBodyMethods</code></td><td align="left" valign="center">
93 <p>A comma-separated list of HTTP methods for which request
94 bodies will be parsed for request parameters identically
95 to POST. This is useful in RESTful applications that want to
96 support POST-style semantics for PUT requests.
97 Note that any setting other than <code>POST</code> causes Tomcat
98 to behave in a way that does against the intent of the servlet
99 specification.
100 The HTTP method TRACE is specifically forbidden here in accordance
101 with the HTTP specification.
102 The default is <code>POST</code></p>
103 </td></tr><tr><td align="left" valign="center"><strong><code>port</code></strong></td><td align="left" valign="center">
104 <p>The TCP port number on which this <strong>Connector</strong>
105 will create a server socket and await incoming connections. Your
106 operating system will allow only one server application to listen
107 to a particular port number on a particular IP address.</p>
108 </td></tr><tr><td align="left" valign="center"><code>protocol</code></td><td align="left" valign="center">
109 <p>
110 Sets the protocol to handle incoming traffic.
111 The default value is <code>HTTP/1.1</code> and configures the
112 <code>org.apache.coyote.http11.Http11Protocol</code>. This is the blocking Java connector.<br>
113 If the <code>PATH</code> (Windows) or <code>LD_LIBRARY_PATH</code> (on most unix systems)
114 environment variables contain the Tomcat native library, the APR connector
115 will automatically be configured. Please be advised that the APR connector has different
116 settings for HTTPS than the default Java connector.<br>
117 Other values for this attribute are, but not limited to:<br>
118 <code>org.apache.coyote.http11.Http11Protocol</code> - same as HTTP/1.1<br>
119 <code>org.apache.coyote.http11.Http11NioProtocol</code> - non blocking Java connector<br>
120 <code>org.apache.coyote.http11.Http11AprProtocol</code> - the APR connector.<br>
121 Take a look at our <a href="#Connector Comparison">Connector Comparison</a> chart.
122 The configuration for both Java connectors are identical, both for http and https. <br>
123 For more information on the APR connector and APR specific SSL settings please
124 visit the <a href="../apr.html">APR documentation</a>
125 </p>
126 </td></tr><tr><td align="left" valign="center"><code>proxyName</code></td><td align="left" valign="center">
127 <p>If this <strong>Connector</strong> is being used in a proxy
128 configuration, configure this attribute to specify the server name
129 to be returned for calls to <code>request.getServerName()</code>.
130 See <a href="#Proxy Support">Proxy Support</a> for more
131 information.</p>
132 </td></tr><tr><td align="left" valign="center"><code>proxyPort</code></td><td align="left" valign="center">
133 <p>If this <strong>Connector</strong> is being used in a proxy
134 configuration, configure this attribute to specify the server port
135 to be returned for calls to <code>request.getServerPort()</code>.
136 See <a href="#Proxy Support">Proxy Support</a> for more
137 information.</p>
138 </td></tr><tr><td align="left" valign="center"><code>redirectPort</code></td><td align="left" valign="center">
139 <p>If this <strong>Connector</strong> is supporting non-SSL
140 requests, and a request is received for which a matching
141 <code>&lt;security-constraint&gt;</code> requires SSL transport,
142 Catalina will automatically redirect the request to the port
143 number specified here.</p>
144 </td></tr><tr><td align="left" valign="center"><code>SSLEnabled</code></td><td align="left" valign="center">
145 <p>
146 Use this attribute to enable SSL traffic on a connector.
147 To turn on SSL handshake/encryption/decryption on a connector
148 set this value to <code>true</code>.
149 The default value is <code>false</code>.
150 When turning this value <code>true</code> you will want to set the
151 <code>scheme</code> and the <code>secure</code> attributes as well
152 to pass the correct <code>request.getScheme()</code> and
153 <code>request.isSecure()</code> values to the servlets
154 See <a href="#SSL Support">SSL Support</a> for more information.
155 </p>
156 </td></tr><tr><td align="left" valign="center"><code>scheme</code></td><td align="left" valign="center">
157 <p>Set this attribute to the name of the protocol you wish to have
158 returned by calls to <code>request.getScheme()</code>. For
159 example, you would set this attribute to "<code>https</code>"
160 for an SSL Connector. The default value is "<code>http</code>".
161 </p>
162 </td></tr><tr><td align="left" valign="center"><code>secure</code></td><td align="left" valign="center">
163 <p>Set this attribute to <code>true</code> if you wish to have
164 calls to <code>request.isSecure()</code> to return <code>true</code>
165 for requests received by this Connector. You would want this on an
166 SSL Connector or a non SSL connector that is receiving data from a
167 SSL accelerator, like a crypto card, a SSL appliance or even a webserver.
168 The default value is <code>false</code>.</p>
169 </td></tr><tr><td align="left" valign="center"><code>URIEncoding</code></td><td align="left" valign="center">
170 <p>This specifies the character encoding used to decode the URI bytes,
171 after %xx decoding the URL. If not specified, ISO-8859-1 will be used.
172 </p>
173 </td></tr><tr><td align="left" valign="center"><code>useBodyEncodingForURI</code></td><td align="left" valign="center">
174 <p>This specifies if the encoding specified in contentType should be used
175 for URI query parameters, instead of using the URIEncoding. This
176 setting is present for compatibility with Tomcat 4.1.x, where the
177 encoding specified in the contentType, or explicitly set using
178 Request.setCharacterEncoding method was also used for the parameters from
179 the URL. The default value is <code>false</code>.
180 </p>
181 </td></tr><tr><td align="left" valign="center"><code>useIPVHosts</code></td><td align="left" valign="center">
182 <p>Set this attribute to <code>true</code> to cause Tomcat to use
183 the IP address that the request was received on to determine the Host
184 to send the request to. The default value is <code>false</code>.</p>
185 </td></tr><tr><td align="left" valign="center"><code>xpoweredBy</code></td><td align="left" valign="center">
186 <p>Set this attribute to <code>true</code> to cause Tomcat to advertise
187 support for the Servlet specification using the header recommended in the
188 specification. The default value is <code>false</code>.</p>
189 </td></tr></table>
190
191 </blockquote></td></tr></table>
192
193 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Standard Implementation"><!--()--></a><a name="Standard_Implementation"><strong>Standard Implementation</strong></a></font></td></tr><tr><td><blockquote>
194
195 <p>
196 HTTP supports the following additional attributes (in addition to the
197 common attributes listed above):</p>
198
199 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>acceptCount</code></td><td align="left" valign="center">
200 <p>The maximum queue length for incoming connection requests when
201 all possible request processing threads are in use. Any requests
202 received when the queue is full will be refused. The default
203 value is 100.</p>
204 </td></tr><tr><td align="left" valign="center"><code>address</code></td><td align="left" valign="center">
205 <p>For servers with more than one IP address, this attribute
206 specifies which address will be used for listening on the specified
207 port. By default, this port will be used on all IP addresses
208 associated with the server.</p>
209 </td></tr><tr><td align="left" valign="center"><code>bufferSize</code></td><td align="left" valign="center">
210 <p>The size (in bytes) of the buffer to be provided for input
211 streams created by this connector. By default, buffers of
212 2048 bytes will be provided.</p>
213 </td></tr><tr><td align="left" valign="center"><code>compressableMimeType</code></td><td align="left" valign="center">
214 <p>The value is a comma separated list of MIME types for which HTTP
215 compression may be used.
216 The default value is <code>text/html,text/xml,text/plain</code>.</p>
217 </td></tr><tr><td align="left" valign="center"><code>compression</code></td><td align="left" valign="center">
218 <p>The <strong>Connector</strong> may use HTTP/1.1 GZIP compression in
219 an attempt to save server bandwidth. The acceptable values for the
220 parameter is "off" (disable compression), "on" (allow compression, which
221 causes text data to be compressed), "force" (forces compression in all
222 cases), or a numerical integer value (which is equivalent to "on", but
223 specifies the minimum amount of data before the output is compressed). If
224 the content-length is not known and compression is set to "on" or more
225 aggressive, the output will also be compressed. If not specified, this
226 attribute is set to "off".</p>
227 <p><em>Note</em>: There is a tradeoff between using compression (saving
228 your bandwidth) and using the sendfile feature (saving your CPU cycles).
229 If the connector supports the sendfile feature, e.g. the NIO connector,
230 using sendfile will take precedence over compression. The symptoms will
231 be that static files greater that 48 Kb will be sent uncompressed.
232 You can turn off sendfile by setting <code>useSendfile</code> attribute
233 of the connector, as documented below, or change the sendfile usage
234 threshold in the configuration of the
235 <a href="../default-servlet.html">DefaultServlet</a> in the default
236 <code>conf/web.xml</code> or in the <code>web.xml</code> of your web
237 application.
238 </p>
239 </td></tr><tr><td align="left" valign="center"><code>connectionLinger</code></td><td align="left" valign="center">
240 <p>The number of seconds during which the sockets used by this
241 <strong>Connector</strong> will linger when they are closed. Setting this
242 attribute to <code>-1</code> will disable connection linger. The default
243 value for the BIO and AJP connectors is 100. The default value for the NIO
244 connection is 25.</p>
245 </td></tr><tr><td align="left" valign="center"><code>connectionTimeout</code></td><td align="left" valign="center">
246 <p>The number of milliseconds this <strong>Connector</strong> will wait,
247 after accepting a connection, for the request URI line to be
248 presented. The default value is 60000 (i.e. 60 seconds).</p>
249 </td></tr><tr><td align="left" valign="center"><code>executor</code></td><td align="left" valign="center">
250 <p>A reference to the name in an <a href="executor.html">Executor</a> element.
251 If this attribute is enabled, and the named executor exists, the connector will
252 use the executor, and all the other thread attributes will be ignored.</p>
253 </td></tr><tr><td align="left" valign="center"><code>keepAliveTimeout</code></td><td align="left" valign="center">
254 <p>The number of milliseconds this <strong>Connector</strong> will wait for
255 another HTTP request before closing the connection.
256 The default value is to use the value that has been set for the
257 connectionTimeout attribute.</p>
258 </td></tr><tr><td align="left" valign="center"><code>disableUploadTimeout</code></td><td align="left" valign="center">
259 <p>This flag allows the servlet container to use a different, longer
260 connection timeout while a servlet is being executed, which in the end
261 allows either the servlet a longer amount of time to complete its
262 execution, or a longer timeout during data upload. If not specified,
263 this attribute is set to "true".</p>
264 </td></tr><tr><td align="left" valign="center"><code>maxHttpHeaderSize</code></td><td align="left" valign="center">
265 <p>The maximum size of the request and response HTTP header, specified
266 in bytes.
267 If not specified, this attribute is set to 8192 (8 KB).</p>
268 </td></tr><tr><td align="left" valign="center"><code>maxKeepAliveRequests</code></td><td align="left" valign="center">
269 <p>The maximum number of HTTP requests which can be pipelined until
270 the connection is closed by the server. Setting this attribute to 1 will
271 disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
272 pipelining. Setting this to -1 will allow an unlimited amount of
273 pipelined or keep-alive HTTP requests.
274 If not specified, this attribute is set to 100.</p>
275 </td></tr><tr><td align="left" valign="center"><code>maxThreads</code></td><td align="left" valign="center">
276 <p>The maximum number of request processing threads to be created
277 by this <strong>Connector</strong>, which therefore determines the
278 maximum number of simultaneous requests that can be handled. If
279 not specified, this attribute is set to 200. If an executor is associated
280 with this connector, this attribute is ignored as the connector will
281 execute tasks using the executor rather than an internal thread pool.</p>
282 </td></tr><tr><td align="left" valign="center"><code>noCompressionUserAgents</code></td><td align="left" valign="center">
283 <p>The value is a comma separated list of regular expressions matching
284 user-agents of HTTP clients for which compression should not be used,
285 because these clients, although they do advertise support for the
286 feature, have a broken implementation.
287 The default value is an empty String (regexp matching disabled).</p>
288 </td></tr><tr><td align="left" valign="center"><strong><code>port</code></strong></td><td align="left" valign="center">
289 <p>The TCP port number on which this <strong>Connector</strong>
290 will create a server socket and await incoming connections. Your
291 operating system will allow only one server application to listen
292 to a particular port number on a particular IP address.</p>
293 </td></tr><tr><td align="left" valign="center"><code>restrictedUserAgents</code></td><td align="left" valign="center">
294 <p>The value is a comma separated list of regular expressions matching
295 user-agents of HTTP clients for which HTTP/1.1 or HTTP/1.0 keep alive
296 should not be used, even if the clients advertise support for these
297 features.
298 The default value is an empty String (regexp matching disabled).</p>
299 </td></tr><tr><td align="left" valign="center"><code>server</code></td><td align="left" valign="center">
300 <p>Overrides the Server header for the http response. If set, the value
301 for this attribute overrides the Tomcat default and any Server header set
302 by a web application. If not set, any value specified by the application
303 is used. If the application does not specify a value then
304 <code>Apache-Coyote/1.1</code> is used. Unless you are paranoid, you won't
305 need this feature.
306 </p>
307 </td></tr><tr><td align="left" valign="center"><code>socketBuffer</code></td><td align="left" valign="center">
308 <p>The size (in bytes) of the buffer to be provided for socket
309 output buffering. -1 can be specified to disable the use of a buffer.
310 By default, a buffers of 9000 bytes will be used.</p>
311 </td></tr><tr><td align="left" valign="center"><code>tcpNoDelay</code></td><td align="left" valign="center">
312 <p>If set to <code>true</code>, the TCP_NO_DELAY option will be
313 set on the server socket, which improves performance under most
314 circumstances. This is set to <code>true</code> by default.</p>
315 </td></tr><tr><td align="left" valign="center"><code>threadPriority</code></td><td align="left" valign="center">
316 <p>The priority of the request processing threads within the JVM.
317 The default value is <code>5</code> (the value of the
318 <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
319 for the <code>java.lang.Thread</code> class for more details on what
320 this priority means.
321 </p>
322 </td></tr></table>
323
324 </blockquote></td></tr></table>
325
326 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Nio Implementation"><!--()--></a><a name="Nio_Implementation"><strong>Nio Implementation</strong></a></font></td></tr><tr><td><blockquote>
327
328 <p>The NIO connector exposes all the low level socket properties that can be used to tune the connector.
329 Most of these attributes are directly linked to the socket implementation in the JDK so you can find out
330 about the actual meaning in the JDK API documentation.<br>
331 <strong>Note:</strong> On some JDK versions, setTrafficClass causes a problem, a work around for this is to add
332 the <code>-Djava.net.preferIPv4Stack=true</code> value to your command line</p>
333
334 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>useSendfile</code></td><td align="left" valign="center">
335 <p>(bool)Use this attribute to enable or disable sendfile capability.
336 The default value is <code>true</code>
337 </p>
338 </td></tr><tr><td align="left" valign="center"><code>useExecutor</code></td><td align="left" valign="center">
339 <p>(bool)Set to true to use the NIO thread pool executor. The default value is <code>true</code>.
340 If set to false, it uses a thread pool based on a stack for its execution.
341 Generally, using the executor yields a little bit slower performance, but yields a better
342 fairness for processing connections in a high load environment as the traffic gets queued through a
343 FIFO queue. If set to true(default) then the max pool size is the <code>maxThreads</code> attribute
344 and the core pool size is the <code>minSpareThreads</code>.
345 This value is ignored if the <code>executor</code> attribute is present and points to a valid shared thread pool.
346 </p>
347 </td></tr><tr><td align="left" valign="center"><code>executor</code></td><td align="left" valign="center">
348 <p>A reference to the name in an <a href="executor.html">Executor</a> element.
349 If this attribute is enabled, and the named executor exists, the connector will
350 use the executor, and all the other thread attributes will be ignored.</p>
351 </td></tr><tr><td align="left" valign="center"><code>acceptorThreadCount</code></td><td align="left" valign="center">
352 <p>(int)The number of threads to be used to accept connections. Increase this value on a multi CPU machine,
353 although you would never really need more than <code>2</code>. Also, with a lot of non keep alive connections,
354 you might want to increase this value as well. Default value is <code>1</code>.</p>
355 </td></tr><tr><td align="left" valign="center"><code>pollerThreadCount</code></td><td align="left" valign="center">
356 <p>(int)The number of threads to be used to run for the polling events.
357 Default value is <code>1</code> per processor. Can't see a reason to go
358 above that. But experiment and find your own results.</p>
359 </td></tr><tr><td align="left" valign="center"><code>pollerThreadPriority</code></td><td align="left" valign="center">
360 <p>(int)The priority of the poller threads.
361 The default value is <code>5</code> (the value of the
362 <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
363 for the <code>java.lang.Thread</code> class for more details on what
364 this priority means.
365 </p>
366 </td></tr><tr><td align="left" valign="center"><code>acceptorThreadPriority</code></td><td align="left" valign="center">
367 <p>(int)The priority of the acceptor threads. The threads used to accept new connections.
368 The default value is <code>5</code> (the value of the
369 <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
370 for the <code>java.lang.Thread</code> class for more details on what
371 this priority means.
372 </p>
373 </td></tr><tr><td align="left" valign="center"><code>selectorTimeout</code></td><td align="left" valign="center">
374 <p>(int)The time in milliseconds to timeout on a select() for the poller.
375 This value is important, since connection clean up is done on the same thread, so do not set this
376 value to an extremely high one. The default value is <code>1000</code> milliseconds.</p>
377 </td></tr><tr><td align="left" valign="center"><code>useComet</code></td><td align="left" valign="center">
378 <p>(bool)Whether to allow comet servlets or not, Default value is <code>true</code>.</p>
379 </td></tr><tr><td align="left" valign="center"><code>processorCache</code></td><td align="left" valign="center">
380 <p>(int)The protocol handler caches Http11NioProcessor objects to speed up performance.
381 This setting dictates how many of these objects get cached.
382 <code>-1</code> means unlimited, default is <code>200</code>. Set this value somewhere close to your maxThreads value.
383 </p>
384 </td></tr><tr><td align="left" valign="center"><code>maxKeepAliveRequests</code></td><td align="left" valign="center">
385 <p>The maximum number of HTTP requests which can be pipelined until
386 the connection is closed by the server. Setting this attribute to 1 will
387 disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
388 pipelining. Setting this to -1 will allow an unlimited amount of
389 pipelined or keep-alive HTTP requests.
390 If not specified, this attribute is set to 100.</p>
391 </td></tr><tr><td align="left" valign="center"><code>socket.directBuffer</code></td><td align="left" valign="center">
392 <p>(bool)Boolean value, whether to use direct ByteBuffers or java mapped ByteBuffers. Default is <code>false</code>
393 <br>When you are using direct buffers, make sure you allocate the appropriate amount of memory for the
394 direct memory space. On Sun's JDK that would be something like <code>-XX:MaxDirectMemorySize=256m</code></p>
395 </td></tr><tr><td align="left" valign="center"><code>socket.rxBufSize</code></td><td align="left" valign="center">
396 <p>(int)The socket receive buffer (SO_RCVBUF) size in bytes. Default value is <code>25188</code></p>
397 </td></tr><tr><td align="left" valign="center"><code>socket.txBufSize</code></td><td align="left" valign="center">
398 <p>(int)The socket send buffer (SO_SNDBUF) size in bytes. Default value is <code>43800</code></p>
399 </td></tr><tr><td align="left" valign="center"><code>socket.appReadBufSize</code></td><td align="left" valign="center">
400 <p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
401 This attribute controls the size of these buffers. By default this read buffer is sized at <code>8192</code> bytes.
402 For lower concurrency, you can increase this to buffer more data.
403 For an extreme amount of keep alive connections, decrease this number or increase your heap size.</p>
404 </td></tr><tr><td align="left" valign="center"><code>socket.appWriteBufSize</code></td><td align="left" valign="center">
405 <p>(int)Each connection that is opened up in Tomcat get associated with a read and a write ByteBuffer
406 This attribute controls the size of these buffers. By default this write buffer is sized at <code>8192</code> bytes.
407 For low concurrency you can increase this to buffer more response data.
408 For an extreme amount of keep alive connections, decrease this number or increase your heap size.
409 <br>
410 The default value here is pretty low, you should up it if you are not dealing with tens of thousands
411 concurrent connections.</p>
412 </td></tr><tr><td align="left" valign="center"><code>socket.bufferPool</code></td><td align="left" valign="center">
413 <p>(int)The Nio connector uses a class called NioChannel that holds elements linked to a socket.
414 To reduce garbage collection, the Nio connector caches these channel objects.
415 This value specifies the size of this cache.
416 The default value is <code>500</code>, and represents that the cache will hold 500 NioChannel objects.
417 Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
418 </td></tr><tr><td align="left" valign="center"><code>socket.bufferPoolSize</code></td><td align="left" valign="center">
419 <p>(int)The NioChannel pool can also be size based, not used object based. The size is calculated as follows:<br>
420 NioChannel <code>buffer size = read buffer size + write buffer size</code><br>
421 SecureNioChannel <code>buffer size = application read buffer size + application write buffer size + network read buffer size + network write buffer size</code><br>
422 The value is in bytes, the default value is <code>1024*1024*100</code> (100MB)
423 </p>
424 </td></tr><tr><td align="left" valign="center"><code>socket.processorCache</code></td><td align="left" valign="center">
425 <p>(int)Tomcat will cache SocketProcessor objects to reduce garbage collection.
426 The integer value specifies how many objects to keep in the cache at most.
427 The default is <code>500</code>.
428 Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
429 </td></tr><tr><td align="left" valign="center"><code>socket.keyCache</code></td><td align="left" valign="center">
430 <p>(int)Tomcat will cache KeyAttachment objects to reduce garbage collection.
431 The integer value specifies how many objects to keep in the cache at most.
432 The default is <code>500</code>.
433 Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
434 </td></tr><tr><td align="left" valign="center"><code>socket.eventCache</code></td><td align="left" valign="center">
435 <p>(int)Tomcat will cache PollerEvent objects to reduce garbage collection.
436 The integer value specifies how many objects to keep in the cache at most.
437 The default is <code>500</code>.
438 Other values are <code>-1</code>. unlimited cache, and <code>0</code>, no cache.</p>
439 </td></tr><tr><td align="left" valign="center"><code>socket.tcpNoDelay</code></td><td align="left" valign="center">
440 <p>(bool)same as the standard setting <code>tcpNoDelay</code>. Default value is <code>false</code></p>
441 </td></tr><tr><td align="left" valign="center"><code>socket.soKeepAlive</code></td><td align="left" valign="center">
442 <p>(bool)Boolean value for the socket's keep alive setting (SO_KEEPALIVE). Default is <code>false</code>. </p>
443 </td></tr><tr><td align="left" valign="center"><code>socket.ooBInline</code></td><td align="left" valign="center">
444 <p>(bool)Boolean value for the socket OOBINLINE setting. Default value is <code>true</code></p>
445 </td></tr><tr><td align="left" valign="center"><code>socket.soReuseAddress</code></td><td align="left" valign="center">
446 <p>(bool)Boolean value for the sockets reuse address option (SO_REUSEADDR). Default value is <code>true</code></p>
447 </td></tr><tr><td align="left" valign="center"><code>socket.soLingerOn</code></td><td align="left" valign="center">
448 <p>(bool)Boolean value for the sockets so linger option (SO_LINGER). Default value is <code>true</code>.
449 This option is paired with the <code>soLingerTime</code> value.</p>
450 </td></tr><tr><td align="left" valign="center"><code>socket.soLingerTime</code></td><td align="left" valign="center">
451 <p>(bool)Value in seconds for the sockets so linger option (SO_LINGER). Default value is <code>25</code> seconds.
452 This option is paired with the soLinger value.</p>
453 </td></tr><tr><td align="left" valign="center"><code>socket.soTimeout</code></td><td align="left" valign="center">
454 <p>(int)Value in milliseconds for the sockets read timeout (SO_TIMEOUT). Default value is <code>5000</code> milliseconds.</p>
455 </td></tr><tr><td align="left" valign="center"><code>socket.soTrafficClass</code></td><td align="left" valign="center">
456 <p>(byte)Value between <code>0</code> and <code>255</code> for the traffic class on the socket, <code>0x04 | 0x08 | 0x010</code></p>
457 </td></tr><tr><td align="left" valign="center"><code>socket.performanceConnectionTime</code></td><td align="left" valign="center">
458 <p>(int)The first value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
459 </td></tr><tr><td align="left" valign="center"><code>socket.performanceLatency</code></td><td align="left" valign="center">
460 <p>(int)The second value for the performance settings. Default is <code>0</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
461 </td></tr><tr><td align="left" valign="center"><code>socket.performanceBandwidth</code></td><td align="left" valign="center">
462 <p>(int)The third value for the performance settings. Default is <code>1</code>, see <a href="http://docs.oracle.com/javase/1.5.0/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a></p>
463 </td></tr><tr><td align="left" valign="center"><code>selectorPool.maxSelectors</code></td><td align="left" valign="center">
464 <p>(int)The max selectors to be used in the pool, to reduce selector contention.
465 Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
466 Default value is <code>200</code>.</p>
467 </td></tr><tr><td align="left" valign="center"><code>selectorPool.maxSpareSelectors</code></td><td align="left" valign="center">
468 <p>(int)The max spare selectors to be used in the pool, to reduce selector contention.
469 When a selector is returned to the pool, the system can decide to keep it or let it be GC:ed.
470 Use this option when the command line <code>org.apache.tomcat.util.net.NioSelectorShared</code> value is set to false.
471 Default value is <code>-1</code> (unlimited)</p>
472 </td></tr><tr><td align="left" valign="center"><code>command-line-options</code></td><td align="left" valign="center">
473 <p>The following command line options are available for the NIO connector:<br>
474 <code>-Dorg.apache.tomcat.util.net.NioSelectorShared=true|false</code>
475 - default is <code>true</code>. Set this value to <code>false</code> if you wish to
476 use a selector for each thread. When you set it to <code>false</code>, you can
477 control the size of the pool of selectors by using the
478 <strong>selectorPool.maxSelectors</strong> attribute</p>
479 </td></tr><tr><td align="left" valign="center"><code>oomParachute</code></td><td align="left" valign="center">
480 <p>(int)The NIO connector implements an OutOfMemoryError strategy called parachute.
481 It holds a chunk of data as a byte array. In case of an OOM,
482 this chunk of data is released and the error is reported. This will give the VM enough room
483 to clean up. The <code>oomParachute</code> represent the size in bytes of the parachute(the byte array).
484 The default value is <code>1024*1024</code>(1MB).
485 Please note, this only works for OOM errors regarding the Java Heap space, and there is absolutely no
486 guarantee that you will be able to recover at all.
487 If you have an OOM outside of the Java Heap, then this parachute trick will not help.
488 </p>
489 </td></tr><tr><td align="left" valign="center"><code>socket.unlockTimeout</code></td><td align="left" valign="center">
490 <p>(int) The timeout for a socket unlock. When a connector is stopped, it will try to release the acceptor thread by opening a connector to itself.
491 The default value is <code>250</code> and the value is in milliseconds</p>
492 </td></tr></table>
493 </blockquote></td></tr></table>
494
495</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Nested Components"><!--()--></a><a name="Nested_Components"><strong>Nested Components</strong></a></font></td></tr><tr><td><blockquote>
496
497 <p>None at this time.</p>
498
499</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Special Features"><!--()--></a><a name="Special_Features"><strong>Special Features</strong></a></font></td></tr><tr><td><blockquote>
500
501
502 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="HTTP/1.1 and HTTP/1.0 Support"><!--()--></a><a name="HTTP/1.1_and_HTTP/1.0_Support"><strong>HTTP/1.1 and HTTP/1.0 Support</strong></a></font></td></tr><tr><td><blockquote>
503
504 <p>This <strong>Connector</strong> supports all of the required features
505 of the HTTP/1.1 protocol, as described in RFC 2616, including persistent
506 connections, pipelining, expectations and chunked encoding. If the client
507 (typically a browser) supports only HTTP/1.0, the
508 <strong>Connector</strong> will gracefully fall back to supporting this
509 protocol as well. No special configuration is required to enable this
510 support. The <strong>Connector</strong> also supports HTTP/1.0
511 keep-alive.</p>
512
513 <p>RFC 2616 requires that HTTP servers always begin their responses with
514 the highest HTTP version that they claim to support. Therefore, this
515 <strong>Connector</strong> will always return <code>HTTP/1.1</code> at
516 the beginning of its responses.</p>
517
518 </blockquote></td></tr></table>
519
520
521 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Proxy Support"><!--()--></a><a name="Proxy_Support"><strong>Proxy Support</strong></a></font></td></tr><tr><td><blockquote>
522
523 <p>The <code>proxyName</code> and <code>proxyPort</code> attributes can
524 be used when Tomcat is run behind a proxy server. These attributes
525 modify the values returned to web applications that call the
526 <code>request.getServerName()</code> and <code>request.getServerPort()</code>
527 methods, which are often used to construct absolute URLs for redirects.
528 Without configuring these attributes, the values returned would reflect
529 the server name and port on which the connection from the proxy server
530 was received, rather than the server name and port to whom the client
531 directed the original request.</p>
532
533 <p>For more information, see the
534 <a href="../proxy-howto.html">Proxy Support HOW-TO</a>.</p>
535
536 </blockquote></td></tr></table>
537
538
539
540 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SSL Support"><!--()--></a><a name="SSL_Support"><strong>SSL Support</strong></a></font></td></tr><tr><td><blockquote>
541
542 <p>You can enable SSL support for a particular instance of this
543 <strong>Connector</strong> by setting the <code>SSLEnabled</code> attribute to
544 <code>true</code>.</p>
545
546 <p>You will also need to set the <code>scheme</code> and <code>secure</code> attributes
547 to the values <code>https</code> and <code>true</code> respectively,
548 to pass correct information to the servlets.</p>
549
550 <p>In addition, you may need to configure the following
551 attributes:</p>
552
553 <table border="1" cellpadding="5"><tr><th width="15%" bgcolor="#023264"><font color="#ffffff">Attribute</font></th><th width="85%" bgcolor="#023264"><font color="#ffffff">Description</font></th></tr><tr><td align="left" valign="center"><code>algorithm</code></td><td align="left" valign="center">
554 <p>The certificate encoding algorithm to be used. This defaults to
555 <code>KeyManagerFactory.getDefaultAlgorithm()</code> which returns
556 <code>SunX509</code> for Sun JVMs. IBM JVMs return
557 <code>IbmX509</code>. For other vendors, consult the JVM
558 documentation for the default value.</p>
559 </td></tr><tr><td align="left" valign="center"><code>clientAuth</code></td><td align="left" valign="center">
560 <p>Set to <code>true</code> if you want the SSL stack to require a
561 valid certificate chain from the client before accepting a connection.
562 Set to <code>want</code> if you want the SSL stack to request a client
563 Certificate, but not fail if one isn't presented. A <code>false</code>
564 value (which is the default) will not require a certificate chain
565 unless the client requests a resource protected by a security
566 constraint that uses <code>CLIENT-CERT</code> authentication. See the
567 <a href="../ssl-howto.html">SSL HowTo</a> for an example.</p>
568 </td></tr><tr><td align="left" valign="center"><code>clientCertProvider</code></td><td align="left" valign="center">
569 <p>When client certificate information is presented in a form other than
570 instances of <code>java.security.cert.X509Certificate</code> it needs to
571 be converted before it can be used and this property controls which JSSE
572 provider is used to perform the conversion. For example it is used with
573 the <a href="ajp.html">AJP connectors</a>, the HTTP APR connector and
574 with the <a href="valve.html#SSL_Authenticator_Valve">
575 org.apache.catalina.valves.SSLValve</a>. If not specified, the default
576 provider will be used.</p>
577 </td></tr><tr><td align="left" valign="center"><code>keystoreFile</code></td><td align="left" valign="center">
578 <p>The pathname of the keystore file where you have stored the
579 server certificate to be loaded. By default, the pathname is
580 the file "<code>.keystore</code>" in the operating system home
581 directory of the user that is running Tomcat. If your
582 <code>keystoreType</code> doesn't need a file use <code>""</code>
583 (empty string) for this parameter.</p>
584 </td></tr><tr><td align="left" valign="center"><code>keystorePass</code></td><td align="left" valign="center">
585 <p>The password used to access the server certificate from the
586 specified keystore file. The default value is "<code>changeit</code>".
587 </p>
588 </td></tr><tr><td align="left" valign="center"><code>keystoreType</code></td><td align="left" valign="center">
589 <p>The type of keystore file to be used for the server certificate.
590 If not specified, the default value is "<code>JKS</code>".</p>
591 </td></tr><tr><td align="left" valign="center"><code>keystoreProvider</code></td><td align="left" valign="center">
592 <p>The name of the keystore provider to be used for the server
593 certificate. If not specified, the list of registered providers is
594 traversed in preference order and the first provider that supports the
595 <code>keystoreType</code> is used.
596 </p>
597 </td></tr><tr><td align="left" valign="center"><code>sslProtocol</code></td><td align="left" valign="center">
598 <p>The the SSL protocol(s) to use (a single value may enable multiple
599 protocols - see the JVM documentation for details). If not specified, the
600 default is <code>TLS</code>. The permitted values may be obtained from the
601 JVM documentation for the allowed values for algorithm when creating an
602 <code>SSLContext</code> instance e.g.
603 <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#SSLContext">
604 Oracle Java 6</a> and
605 <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#SSLContext">
606 Oracle Java 7</a>. Note: There is overlap between this attribute and
607 <code>sslEnabledProtocols</code>.</p>
608 </td></tr><tr><td align="left" valign="center"><code>ciphers</code></td><td align="left" valign="center">
609 <p>The comma separated list of encryption ciphers that this socket is
610 allowed to use. By default, the default ciphers for the JVM will be used.
611 Note that this usually means that the weak export grade ciphers will be
612 included in the list of available ciphers. The ciphers are specified using
613 the JSSE cipher naming convention.</p>
614 </td></tr><tr><td align="left" valign="center"><code>keyAlias</code></td><td align="left" valign="center">
615 <p>The alias used to for the server certificate in the keystore. If not
616 specified the first key read in the keystore will be used.</p>
617 </td></tr><tr><td align="left" valign="center"><code>trustManagerClassName</code></td><td align="left" valign="center">
618 <p>The name of a custom trust manager class to use to validate client
619 certificates. The class must have a zero argument constructor and must
620 also implement <code>javax.net.ssl.X509TrustManager</code>. If this
621 attribute is set, the trust store attributes may be ignored.
622 </p>
623 </td></tr><tr><td align="left" valign="center"><code>truststoreFile</code></td><td align="left" valign="center">
624 <p>The trust store file to use to validate client certificates. The
625 default is the value of the <code>javax.net.ssl.trustStore</code> system
626 property. If neither this attribute nor the default system property is
627 set, no trust store will be configured.</p>
628 </td></tr><tr><td align="left" valign="center"><code>truststorePass</code></td><td align="left" valign="center">
629 <p>The password to access the trust store. The default is the value of the
630 <code>javax.net.ssl.trustStorePassword</code> system property. If that
631 property is null, the value of <code>keystorePass</code> is used as the
632 default. If an invalid trust store password is specified, a warning will
633 be logged and an attempt will be made to access the trust store without a
634 password which will skip validation of the trust store contents. If the
635 trust store password is defined as <code>""</code> then no
636 password will be used to access the store which will also skip validation
637 of the trust store contents.</p>
638 </td></tr><tr><td align="left" valign="center"><code>truststoreType</code></td><td align="left" valign="center">
639 <p>The type of key store used for the trust store. The default is the
640 value of the <code>javax.net.ssl.trustStoreType</code> system property. If
641 that property is null, the value of <code>keystoreType</code> is used as
642 the default.</p>
643 </td></tr><tr><td align="left" valign="center"><code>truststoreProvider</code></td><td align="left" valign="center">
644 <p>The name of the truststore provider to be used for the server
645 certificate. The default is the value of the
646 <code>javax.net.ssl.trustStoreProvider</code> system property. If
647 that property is null, the value of <code>keystoreProvider</code> is used
648 as the default. If neither this attribute, the default system property nor
649 <code>keystoreProvider</code>is set, the list of registered providers is
650 traversed in preference order and the first provider that supports the
651 <code>truststoreType</code> is used.
652 </p>
653 </td></tr><tr><td align="left" valign="center"><code>sessionCacheSize</code></td><td align="left" valign="center">
654 <p>The number of SSL sessions to maintain in the session cache. Use 0 to
655 specify an unlimited cache size. If not specified, a default of 0 is
656 used.</p>
657 </td></tr><tr><td align="left" valign="center"><code>sessionTimeout</code></td><td align="left" valign="center">
658 <p>The time, in seconds, after the creation of an SSL session that it will
659 timeout. Use 0 to specify an unlimited timeout. If not specified, a
660 default of 86400 (24 hours) is used.</p>
661 </td></tr><tr><td align="left" valign="center"><code>sslEnabledProtocols</code></td><td align="left" valign="center">
662 <p>The comma separated list of SSL protocols to support for HTTPS
663 connections. If specified, only the protocols that are listed and
664 supported by the SSL implementation will be enabled. If not specified,
665 the JVM default is used. The permitted values may be obtained from the
666 JVM documentation for the allowed values for
667 <code>SSLSocket.setEnabledProtocols()</code> e.g.
668 <a href="http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#jssenames">
669 Oracle Java 6</a> and
670 <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#jssenames">
671 Oracle Java 7</a>. Note: There is overlap between this attribute and
672 <code>sslProtocol</code>.</p>
673 </td></tr><tr><td align="left" valign="center"><code>crlFile</code></td><td align="left" valign="center">
674 <p>The certificate revocation list file to use to validate client
675 certificates.</p>
676 </td></tr><tr><td align="left" valign="center"><code>allowUnsafeLegacyRenegotiation</code></td><td align="left" valign="center">
677 <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
678 users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
679 protocol that allows an attacker to inject arbitrary data into the user's
680 request. If not specified, a default of <code>false</code> is used. This
681 attribute only has an effect if the JVM does not support RFC 5746 as
682 indicated by the presence of the pseudo-ciphersuite
683 TLS_EMPTY_RENEGOTIATION_INFO_SCSV. This is available JRE/JDK 6 update 22
684 onwards. Where RFC 5746 is supported the renegotiation - including support
685 for unsafe legacy renegotiation - is controlled by the JVM configuration.
686 </p>
687 </td></tr></table>
688
689 <p>For more information, see the
690 <a href="../ssl-howto.html">SSL Configuration HOW-TO</a>.</p>
691
692 </blockquote></td></tr></table>
693 <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Connector Comparison"><!--()--></a><a name="Connector_Comparison"><strong>Connector Comparison</strong></a></font></td></tr><tr><td><blockquote>
694
695 <p>Below is a small chart that shows how the connectors differentiate.</p>
696 <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>
697 Java Blocking Connector Java Nio Blocking Connector APR Connector
698 Classname Http11Protocol Http11NioProtocol Http11AprProtocol
699 Tomcat Version 3.x 4.x 5.x 6.x 6.x 5.5.x 6.x
700 Support Polling NO YES YES
701 Polling Size N/A Unlimited - Restricted by mem Unlimited - Configurable
702 Read HTTP Request Blocking Non Blocking Blocking
703 Read HTTP Body Blocking Sim Blocking Blocking
704 Write HTTP Response Blocking Sim Blocking Blocking
705 SSL Support Java SSL Java SSL OpenSSL
706 SSL Handshake Blocking Non blocking Blocking
707 Max Connections maxThreads See polling size See polling size
708
709
710 </pre></td><td bgcolor="#023264" width="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="../images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
711
712 </blockquote></td></tr></table>
713</blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade="noshade" size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
714 Copyright &copy; 1999-2014, Apache Software Foundation
715 </em></font></div></td></tr></table></body></html>