5
votes

This is the connector in server.xml:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           compression="off"
           connectionTimeout="1190"
           address="0.0.0.0">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeyFile="/etc/ssl/certs/private.key"
                     certificateFile="/etc/ssl/certs/public.pem" />
    </SSLHostConfig>
</Connector>

The goal with this connector is speed with HTTP2 and APR, along with HTTPS.

We installed Tomcat Native using the OS package tomcat-native.

Log output on startup:

INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.16] using APR version [1.6.3].

INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].

INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]

Everything looks great, except for the useAprConnector [false].

So is APR actually doing anything?

I can't find anything in the relevant documentation:

https://tomcat.apache.org/tomcat-8.0-doc/config/http.html#SSL_Support

https://tomcat.apache.org/tomcat-8.0-doc/apr.html

1
Note that you are configuring Tomcat 8.5 but are reading the 8.0 documentation... - Christopher Schultz

1 Answer

8
votes

The current default in Tomcat 8.5 is to use the Java NIO connector with OpenSSL as the crypto engine. libtcnative is still required, which requires libapr, but the "APR Connector" itself is not being used.

That means that Tomcat is using a pure-Java connector with the OpenSSL engine for crypto. You get the benefits of OpenSSL's speed without some of the downsides of the APR connector itself.

IMO this is the best configuration option available to you, so you should leave it unless you have a compelling reason to use the APR connector explicitly.

If you really want to use the APR connector, then you will need to set the useAprConnector attribute on your AprLifecycleListener to true.
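
The two setups this answer contrasts, written as alternative server.xml fragments. This is an added example, not code from the post or from the Tomcat distribution; the certificate paths are placeholders, and only one of the two options belongs in a given server.xml.

```xml
<!-- Added example. Paths are placeholders, not values from the post. -->

<!-- Option A: NIO connector with OpenSSL as the TLS engine.
     The listener still loads libtcnative; useAprConnector stays at its
     default of false, which matches the startup log in the question. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" />

<!-- sslImplementationName pins the OpenSSL engine explicitly instead of
     relying on the listener's useOpenSSL default. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           sslImplementationName="org.apache.tomcat.util.net.openssl.OpenSSLImplementation"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <!-- Keep the private key readable only by the account Tomcat runs as. -->
        <Certificate certificateKeyFile="/path/to/private.key"
                     certificateFile="/path/to/public.pem" />
    </SSLHostConfig>
</Connector>

<!-- Option B: opt in to the APR connector.
     With useAprConnector="true" on the listener, a connector declared with
     the generic protocol name "HTTP/1.1" resolves to the APR implementation
     when the native library loads. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" useAprConnector="true" />

<Connector port="8443" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeyFile="/path/to/private.key"
                     certificateFile="/path/to/public.pem" />
    </SSLHostConfig>
</Connector>
```

After a restart, the AprLifecycleListener line in the startup log reports the effective useAprConnector and useOpenSSL values, so it confirms which option is active.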