TOMCAT7及之后 HTTPS 设置

一、BIO 和 NIO
BIO：Blocking IO 阻塞线程
NIO：Non-Blocking IO 非阻塞线程

org.apache.coyote.http11.Http11Protocol - blocking Java connector

org.apache.coyote.http11.Http11NioProtocol - non blocking Java connector
org.apache.coyote.http11.Http11AprProtocol - the APR/native connector.

 

二、sslProtocol 和 sslEnabledProtocols
1、sslProtocol（a single value may enable multiple protocols 单个值可以启用多个协议）

 

2、sslEnabledProtocols
The comma separated list of SSL protocols to support for HTTPS connections.
HTTPS连接所支持的SSL协议的逗号分隔列表。
If specified, only the protocols that are listed and supported by the SSL implementation will be enabled.
如果指定，那么只有列表指定的而且由SSL实现所支持的协议将被启用。
If not specified, the JVM default (excluding SSLv2 and SSLv3 if the JVM enables either or both of them by default) is used.
如果未指定，则使用jvm默认值（除非jvm默认启用其中一个或两个值，否则不包括sslv2和sslv3）。

 

三、TOMCAT7及之后 HTTPS 设置范本

< Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" URIEncoding="UTF-8" useBodyEncodingForURI="true"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="keystore/tomcat.ssl.jks" keystorePass="密码"
clientAuth="false" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" />