Quellcode-Bibliothek

^© Kompilation durch diese Firma

[Weder Korrektheit noch Funktionsfähigkeit der Software werden zugesichert.]

Datei: http.xml Sprache: XML

Original von: Apache^©

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE document [
 <!ENTITY project SYSTEM "project.xml">
]>
<document url="http.html">

 &project;

 <properties>
 <author email="[email protected]">Craig R. McClanahan</author>
 <author email="[email protected]">Yoav Shapira</author>
 <title>The HTTP Connector</title>
 </properties>

<body>

<section name="Table of Contents">
<toc/>
</section>

<section name="Introduction">

 The HTTP Connector element represents a
 Connector component that supports the HTTP/1.1 protocol.
 It enables Catalina to function as a stand-alone web server, in addition
 to its ability to execute servlets and JSP pages. A particular instance
 of this component listens for connections on a specific TCP port number
 on the server. One or more such Connectors can be
 configured as part of a single <a href="service.html">Service</a>, each
 forwarding to the associated <a href="engine.html">Engine</a> to perform
 request processing and create the response.

 If you wish to configure the Connector that is used
 for connections to web servers using the AJP protocol (such as the
 <code>mod_jk 1.2.x</code> connector for Apache 1.3), please refer to the
 <a href="ajp.html">AJP Connector</a> documentation.

 Each incoming, non-asynchronous request requires a thread for the duration
 of that request. If more simultaneous requests are received than can be
 handled by the currently available request processing threads, additional
 threads will be created up to the configured maximum (the value of the
 <code>maxThreads</code> attribute). If still more simultaneous requests are
 received, Tomcat will accept new connections until the current number of
 connections reaches <code>maxConnections</code>. Connections are queued inside
 the server socket created by the Connector until a thread
 becomes available to process the connection. Once <code>maxConnections</code>
 has been reached the operating system will queue further connections. The size
 of the operating system provided connection queue may be controlled by the
 <code>acceptCount</code> attribute. If the operating system queue fills,
 further connection requests may be refused or may time out.

</section>

<section name="Attributes">

 <subsection name="Common Attributes">

 All implementations of Connector
 support the following attributes:

 <attributes>

 <attribute name="allowBackslash" required="false">
 If this is <code>true</code> the '\' character will be permitted as a
 path delimiter.
 If not specified, the default value of <code>false</code> will be used.
 </attribute>

 <attribute name="allowTrace" required="false">
 A boolean value which can be used to enable or disable the TRACE
 HTTP method. If not specified, this attribute is set to false. As per RFC
 7231 section 4.3.8, cookie and authorization headers will be excluded from
 the response to the TRACE request. If you wish to include these, you can
 implement the <code>doTrace()</code> method for the target Servlet and
 gain full control over the response.
 </attribute>

 <attribute name="asyncTimeout" required="false">
 The default timeout for asynchronous requests in milliseconds. If not
 specified, this attribute is set to the Servlet specification default of
 30000 (30 seconds).
 </attribute>

 <attribute name="discardFacades" required="false">
 A boolean value which can be used to enable or disable the recycling
 of the facade objects that isolate the container internal request
 processing objects. If set to <code>true</code> the facades will be
 set for garbage collection after every request, otherwise they will be
 reused. This setting has no effect when the security manager is enabled.
 If not specified, this attribute is set to <code>true</code>.
 </attribute>

 <attribute name="enableLookups" required="false">
 Set to <code>true</code> if you want calls to
 <code>request.getRemoteHost()</code> to perform DNS lookups in
 order to return the actual host name of the remote client. Set
 to <code>false</code> to skip the DNS lookup and return the IP
 address in String form instead (thereby improving performance).
 By default, DNS lookups are disabled.
 </attribute>

 <attribute name="encodedSolidusHandling" required="false">
 When set to <code>reject</code> request paths containing a
 <code>%2f</code> sequence will be rejected with a 400 response. When set
 to <code>decode</code> request paths containing a <code>%2f</code>
 sequence will have that sequence decoded to <code>/</code> at the same
 time other <code>%nn</code> sequences are decoded. When set to
 <code>passthrough</code> request paths containing a <code>%2f</code>
 sequence will be processed with the <code>%2f</code> sequence unchanged.
 If not specified the default value is <code>reject</code>.
 </attribute>

 <attribute name="enforceEncodingInGetWriter" required="false">
 If this is <code>true</code> then
 a call to <code>Response.getWriter()</code> if no character encoding
 has been specified will result in subsequent calls to
 <code>Response.getCharacterEncoding()</code> returning
 <code>ISO-8859-1</code> and the <code>Content-Type</code> response header
 will include a <code>charset=ISO-8859-1</code> component. (SRV.15.2.22.1)
 If not specified, the default specification compliant value of
 <code>true</code> will be used.
 </attribute>

 <attribute name="maxCookieCount" required="false">
 The maximum number of cookies that are permitted for a request. A value
 of less than zero means no limit. If not specified, a default value of 200
 will be used.
 </attribute>

 <attribute name="maxParameterCount" required="false">
 The maximum total number of request parameters (including uploaded
 files) obtained from the query string and, for POST requests, the request
 body if the content type is
 <code>application/x-www-form-urlencoded</code> or
 <code>multipart/form-data</code>. Request parameters beyond this limit
 will be ignored. A value of less than 0 means no limit. If not specified,
 a default of 10000 is used. Note that <code>FailedRequestFilter</code>
 <a href="filter.html">filter</a> can be used to reject requests that
 exceed the limit.
 </attribute>

 <attribute name="maxPostSize" required="false">
 The maximum size in bytes of the POST which will be handled by
 the container FORM URL parameter parsing. The limit can be disabled by
 setting this attribute to a value less than zero. If not specified, this
 attribute is set to 2097152 (2 MiB). Note that the
 <a href="filter.html#Failed_Request_Filter"><code>FailedRequestFilter</code></a>
 can be used to reject requests that exceed this limit.
 </attribute>

 <attribute name="maxSavePostSize" required="false">
 The maximum size in bytes of the request body which will be
 saved/buffered by the container during FORM or CLIENT-CERT authentication
 or during HTTP/1.1 upgrade. For both types of authentication, the request
 body will be saved/buffered before the user is authenticated. For
 CLIENT-CERT authentication, the request body is buffered for the duration
 of the SSL handshake and the buffer emptied when the request is processed.
 For FORM authentication the POST is saved whilst the user is re-directed
 to the login form and is retained until the user successfully
 authenticates or the session associated with the authentication request
 expires. For HTTP/1.1 upgrade, the request body is buffered for the
 duration of the upgrade process. The limit can be disabled by setting this
 attribute to -1. Setting the attribute to zero will disable the saving of
 the request body data during authentication and HTTP/1.1 upgrade. If not
 specified, this attribute is set to 4096 (4 kilobytes).
 </attribute>

 <attribute name="parseBodyMethods" required="false">
 A comma-separated list of HTTP methods for which request
 bodies using <code>application/x-www-form-urlencoded</code> will be parsed
 for request parameters identically to POST. This is useful in RESTful
 applications that want to support POST-style semantics for PUT requests.
 Note that any setting other than <code>POST</code> causes Tomcat
 to behave in a way that goes against the intent of the servlet
 specification.
 The HTTP method TRACE is specifically forbidden here in accordance
 with the HTTP specification.
 The default is <code>POST</code>
 </attribute>

 <attribute name="port" required="true">
 The TCP port number on which this Connector
 will create a server socket and await incoming connections. Your
 operating system will allow only one server application to listen
 to a particular port number on a particular IP address. If the special
 value of 0 (zero) is used, then Tomcat will select a free port at random
 to use for this connector. This is typically only useful in embedded and
 testing applications.
 </attribute>

 <attribute name="protocol" required="false">
 Sets the protocol to handle incoming traffic. The default value is
 <code>HTTP/1.1</code> which uses a Java NIO based connector. 
 To use an explicit protocol, the following values may be used: 
 <code>org.apache.coyote.http11.Http11NioProtocol</code> -
 non blocking Java NIO connector 
 <code>org.apache.coyote.http11.Http11Nio2Protocol</code> -
 non blocking Java NIO2 connector 
 Custom implementations may also be used. 
 Take a look at our <a href="#Connector_Comparison">Connector
 Comparison</a> chart. The configuration for Java connectors is
 identical, for http and https.
 
 </attribute>

 <attribute name="proxyName" required="false">
 If this Connector is being used in a proxy
 configuration, configure this attribute to specify the server name
 to be returned for calls to <code>request.getServerName()</code>.
 See <a href="#Proxy_Support">Proxy Support</a> for more
 information.
 </attribute>

 <attribute name="proxyPort" required="false">
 If this Connector is being used in a proxy
 configuration, configure this attribute to specify the server port
 to be returned for calls to <code>request.getServerPort()</code>.
 See <a href="#Proxy_Support">Proxy Support</a> for more
 information.
 </attribute>

 <attribute name="redirectPort" required="false">
 If this Connector is supporting non-SSL
 requests, and a request is received for which a matching
 <code><security-constraint></code> requires SSL transport,
 Catalina will automatically redirect the request to the port
 number specified here.
 </attribute>

 <attribute name="rejectSuspiciousURIs" required="false">
 Should this Connector reject a requests if the URI
 matches one of the suspicious URIs patterns identified by the Servlet 6.0
 specification? The default value is <code>false</code>.
 </attribute>

 <attribute name="scheme" required="false">
 Set this attribute to the name of the protocol you wish to have
 returned by calls to <code>request.getScheme()</code>. For
 example, you would set this attribute to "https"
 for an SSL Connector. The default value is "http".
 
 </attribute>

 <attribute name="secure" required="false">
 Set this attribute to <code>true</code> if you wish to have
 calls to <code>request.isSecure()</code> to return <code>true</code>
 for requests received by this Connector. You would want this on an
 SSL Connector or a non SSL connector that is receiving data from a
 SSL accelerator, like a crypto card, an SSL appliance or even a webserver.
 The default value is <code>false</code>.
 </attribute>

 <attribute name="URIEncoding" required="false">
 This specifies the character encoding used to decode the URI bytes,
 after %xx decoding the URL. The default value is <code>UTF-8</code>.
 </attribute>

 <attribute name="useBodyEncodingForURI" required="false">
 This specifies if the encoding specified in contentType should be used
 for URI query parameters, instead of using the URIEncoding. This
 setting is present for compatibility with Tomcat 4.1.x, where the
 encoding specified in the contentType, or explicitly set using
 Request.setCharacterEncoding method was also used for the parameters from
 the URL. The default value is <code>false</code>.
 
 Notes: 1) This setting is applied only to the
 query string of a request. Unlike <code>URIEncoding</code> it does not
 affect the path portion of a request URI. 2) If request character
 encoding is not known (is not provided by a browser and is not set by
 <code>SetCharacterEncodingFilter</code> or a similar filter using
 Request.setCharacterEncoding method), the default encoding is always
 "ISO-8859-1". The <code>URIEncoding</code> setting has no effect on
 this default.
 
 </attribute>

 <attribute name="useIPVHosts" required="false">
 Set this attribute to <code>true</code> to cause Tomcat to use
 the IP address that the request was received on to determine the Host
 to send the request to. The default value is <code>false</code>.
 </attribute>

 <attribute name="xpoweredBy" required="false">
 Set this attribute to <code>true</code> to cause Tomcat to advertise
 support for the Servlet specification using the header recommended in the
 specification. The default value is <code>false</code>.
 </attribute>

 </attributes>

 </subsection>

 <subsection name="Standard Implementation">

 The standard HTTP connectors (NIO and NIO2) all support the following
 attributes in addition to the common Connector attributes listed above.

 <attributes>

 <attribute name="acceptCount" required="false">
 The maximum length of the operating system provided queue for incoming
 connection requests when <code>maxConnections</code> has been reached. The
 operating system may ignore this setting and use a different size for the
 queue. When this queue is full, the operating system may actively refuse
 additional connections or those connections may time out. The default
 value is 100.
 </attribute>

 <attribute name="acceptorThreadPriority" required="false">
 The priority of the acceptor thread. The thread used to accept
 new connections. The default value is <code>5</code> (the value of the
 <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
 for the <code>java.lang.Thread</code> class for more details on what
 this priority means.
 </attribute>

 <attribute name="address" required="false">
 For servers with more than one IP address, this attribute specifies
 which address will be used for listening on the specified port. By
 default, the connector will listen all local addresses. Unless the JVM is
 configured otherwise using system properties, the Java based connectors
 (NIO, NIO2) will listen on both IPv4 and IPv6 addresses when configured
 with either <code>0.0.0.0</code> or <code>::</code>.
 </attribute>

 <attribute name="allowHostHeaderMismatch" required="false">
 By default Tomcat will reject requests that specify a host in the
 request line but specify a different host in the host header. This
 check can be disabled by setting this attribute to <code>true</code>. If
 not specified, the default is <code>false</code>.
 
 This setting will be removed in Tomcat 11 onwards where it will be
 hard-coded to <code>false</code>.
 </attribute>

 <attribute name="allowedTrailerHeaders" required="false">
 By default Tomcat will ignore all trailer headers when processing
 chunked input. For a header to be processed, it must be added to this
 comma-separated list of header names.
 </attribute>

 <attribute name="bindOnInit" required="false">
 Controls when the socket used by the connector is bound. If set to
 <code>true</code> it is bound when the connector is initiated and unbound
 when the connector is destroyed. If set to <code>false</code>, the socket
 will be bound when the connector is started and unbound when it is
 stopped. If not specified, the default is <code>true</code>.
 </attribute>

 <attribute name="clientCertProvider" required="false">
 When client certificate information is presented in a form other than
 instances of <code>java.security.cert.X509Certificate</code> it needs to
 be converted before it can be used and this property controls which JSSE
 provider is used to perform the conversion.
 </attribute>

 <attribute name="compressibleMimeType" required="false">
 The value is a comma separated list of MIME types for which HTTP
 compression may be used.
 The default value is
 <code>
 text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json,application/xml
 </code>.
 If you specify a type explicitly, the default is over-ridden.
 </attribute>

 <attribute name="compression" required="false">
 The Connector may use HTTP/1.1 GZIP compression in
 an attempt to save server bandwidth. The acceptable values for the
 parameter is "off" (disable compression), "on" (allow compression, which
 causes text data to be compressed), "force" (forces compression in all
 cases), or a numerical integer value (which is equivalent to "on", but
 specifies the minimum amount of data before the output is compressed). If
 the content-length is not known and compression is set to "on" or more
 aggressive, the output will also be compressed. If not specified, this
 attribute is set to "off".
 Note: There is a tradeoff between using compression (saving
 your bandwidth) and using the sendfile feature (saving your CPU cycles).
 If the connector supports the sendfile feature, e.g. the NIO connector,
 using sendfile will take precedence over compression. The symptoms will
 be that static files greater that 48 KiB will be sent uncompressed.
 You can turn off sendfile by setting <code>useSendfile</code> attribute
 of the connector, as documented below, or change the sendfile usage
 threshold in the configuration of the
 <a href="../default-servlet.html">DefaultServlet</a> in the default
 <code>conf/web.xml</code> or in the <code>web.xml</code> of your web
 application.
 
 </attribute>

 <attribute name="compressionMinSize" required="false">
 If compression is set to "on" then this attribute
 may be used to specify the minimum amount of data before the output is
 compressed. If not specified, this attribute is defaults to "2048".
 Units are in bytes.
 </attribute>

 <attribute name="connectionLinger" required="false">
 The number of seconds during which the sockets used by this
 Connector will linger when they are closed. The default
 value is <code>-1</code> which disables socket linger.
 </attribute>

 <attribute name="connectionTimeout" required="false">
 The number of milliseconds this Connector will wait,
 after accepting a connection, for the request URI line to be
 presented. Use a value of -1 to indicate no (i.e. infinite) timeout.
 The default value is 60000 (i.e. 60 seconds) but note that the standard
 server.xml that ships with Tomcat sets this to 20000 (i.e. 20 seconds).
 Unless disableUploadTimeout is set to <code>false</code>,
 this timeout will also be used when reading the request body (if any).
 </attribute>

 <attribute name="connectionUploadTimeout" required="false">
 Specifies the timeout, in milliseconds, to use while a data upload is
 in progress. This only takes effect if
 disableUploadTimeout is set to <code>false</code>.
 
 </attribute>

 <attribute name="continueResponseTiming" required="false">
 When to respond with a <code>100</code> intermediate response code to a
 request containing an <code>Expect: 100-continue</code> header.
 The following values may used:
 <ul>
 <li><code>immediately</code> - an intermediate 100 status response
 will be returned as soon as practical</li>
 <li><code>onRead</code> - an intermediate 100 status
 response will be returned only when the Servlet reads the request body,
 allowing the servlet to inspect the headers and possibly respond
 before the user agent sends a possibly large request body.</li>
 </ul>
 
 </attribute>

 <attribute name="defaultSSLHostConfigName" required="false">
 The name of the default SSLHostConfig that will be
 used for secure connections (if this connector is configured for secure
 connections) if the client connection does not provide SNI or if the SNI
 is provided but does not match any configured
 SSLHostConfig. If not specified the default value of
 <code>_default_</code> will be used. Provided values are always converted
 to lower case.
 </attribute>

 <attribute name="disableUploadTimeout" required="false">
 This flag allows the servlet container to use a different, usually
 longer connection timeout during data upload. If not specified, this
 attribute is set to <code>true</code> which disables this longer timeout.
 
 </attribute>

 <attribute name="executor" required="false">
 A reference to the name in an <a href="executor.html">Executor</a>
 element. If this attribute is set, and the named executor exists, the
 connector will use the executor, and all the other thread attributes will
 be ignored. Note that if a shared executor is not specified for a
 connector then the connector will use a private, internal executor to
 provide the thread pool.
 </attribute>

 <attribute name="executorTerminationTimeoutMillis" required="false">
 The time that the private internal executor will wait for request
 processing threads to terminate before continuing with the process of
 stopping the connector. If not set, the default is <code>5000</code> (5
 seconds).
 </attribute>

 <attribute name="keepAliveTimeout" required="false">
 The number of milliseconds this Connector will wait
 for another HTTP request before closing the connection. The default value
 is to use the value that has been set for the
 connectionTimeout attribute.
 Use a value of -1 to indicate no (i.e. infinite) timeout.
 </attribute>

 <attribute name="maxConnections" required="false">
 The maximum number of connections that the server will accept and
 process at any given time. When this number has been reached, the server
 will accept, but not process, one further connection. This additional
 connection be blocked until the number of connections being processed
 falls below maxConnections at which point the server will
 start accepting and processing new connections again. Note that once the
 limit has been reached, the operating system may still accept connections
 based on the <code>acceptCount</code> setting. The default value
 is <code>8192</code>.
 For NIO/NIO2 only, setting the value to -1, will disable the
 maxConnections feature and connections will not be counted.
 </attribute>

 <attribute name="maxExtensionSize" required="false">
 Limits the total length of chunk extensions in chunked HTTP requests.
 If the value is <code>-1</code>, no limit will be imposed. If not
 specified, the default value of <code>8192</code> will be used.
 </attribute>

 <attribute name="maxHeaderCount" required="false">
 The maximum number of headers in a request that are allowed by the
 container. A request that contains more headers than the specified limit
 will be rejected. A value of less than 0 means no limit.
 If not specified, a default of 100 is used.
 </attribute>

 <attribute name="maxHttpHeaderSize" required="false">
 Provides the default value for
 maxHttpRequestHeaderSize and
 maxHttpResponseHeaderSize. If not specified, this
 attribute is set to 8192 (8 KiB).
 </attribute>

 <attribute name="maxHttpRequestHeaderSize" required="false">
 The maximum permitted size of the request line and headers associated
 with an HTTP request, specified in bytes. This is compared to the number
 of bytes received so includes line terminators and whitespace as well as
 the request line, header names and header values. If not specified, this
 attribute is set to the value of the <code>maxHttpHeaderSize</code>
 attribute.
 If you see "Request header is too large" errors you can increase this,
 but be aware that Tomcat will allocate the full amount you specify for
 every request. For example, if you specify a maxHttpRequestHeaderSize of
 1 MB and your application handles 100 concurrent requests, you will see
 100 MB of heap consumed by request headers.
 </attribute>

 <attribute name="maxHttpResponseHeaderSize" required="false">
 The maximum permitted size of the response line and headers associated
 with an HTTP response, specified in bytes. This is compared to the number
 of bytes written so includes line terminators and whitespace as well as
 the status line, header names and header values. If not specified, this
 attribute is set to the value of the <code>maxHttpHeaderSize</code>
 attribute.
 </attribute>

 <attribute name="maxKeepAliveRequests" required="false">
 The maximum number of HTTP requests which can be pipelined until
 the connection is closed by the server. Setting this attribute to 1 will
 disable HTTP/1.0 keep-alive, as well as HTTP/1.1 keep-alive and
 pipelining. Setting this to -1 will allow an unlimited amount of
 pipelined or keep-alive HTTP requests.
 If not specified, this attribute is set to 100.
 </attribute>

 <attribute name="maxSwallowSize" required="false">
 The maximum number of request body bytes (excluding transfer encoding
 overhead) that will be swallowed by Tomcat for an aborted upload. An
 aborted upload is when Tomcat knows that the request body is going to be
 ignored but the client still sends it. If Tomcat does not swallow the body
 the client is unlikely to see the response. If not specified the default
 of 2097152 (2 MiB) will be used. A value of less than zero indicates
 that no limit should be enforced.
 </attribute>

 <attribute name="maxThreads" required="false">
 The maximum number of request processing threads to be created
 by this Connector, which therefore determines the
 maximum number of simultaneous requests that can be handled. If
 not specified, this attribute is set to 200. If an executor is associated
 with this connector, this attribute is ignored as the connector will
 execute tasks using the executor rather than an internal thread pool. Note
 that if an executor is configured any value set for this attribute will be
 recorded correctly but it will be reported (e.g. via JMX) as
 <code>-1</code> to make clear that it is not used.
 </attribute>

 <attribute name="maxTrailerSize" required="false">
 Limits the total length of trailing headers in the last chunk of
 a chunked HTTP request. If the value is <code>-1</code>, no limit will be
 imposed. If not specified, the default value of <code>8192</code> will be
 used.
 </attribute>

 <attribute name="minSpareThreads" required="false">
 The minimum number of threads always kept running. This includes both
 active and idle threads. If not specified, the default of <code>10</code>
 is used. If an executor is associated with this connector, this attribute
 is ignored as the connector will execute tasks using the executor rather
 than an internal thread pool. Note that if an executor is configured any
 value set for this attribute will be recorded correctly but it will be
 reported (e.g. via JMX) as <code>-1</code> to make clear that it is not
 used.
 </attribute>

 <attribute name="noCompressionUserAgents" required="false">
 The value is a regular expression (using <code>java.util.regex</code>)
 matching the <code>user-agent</code> header of HTTP clients for which
 compression should not be used,
 because these clients, although they do advertise support for the
 feature, have a broken implementation.
 The default value is an empty String (regexp matching disabled).
 </attribute>

 <attribute name="processorCache" required="false">
 The protocol handler caches Processor objects to speed up performance.
 This setting dictates how many of these objects get cached.
 <code>-1</code> means unlimited, default is <code>200</code>. If not using
 Servlet 3.0 asynchronous processing, a good default is to use the same as
 the maxThreads setting. If using Servlet 3.0 asynchronous processing, a
 good default is to use the larger of maxThreads and the maximum number of
 expected concurrent requests (synchronous and asynchronous).
 </attribute>

 <attribute name="rejectIllegalHeader" required="false">
 If an HTTP request is received that contains an illegal header name or
 value (e.g. the header name is not a token) this setting determines if the
 request will be rejected with a 400 response (<code>true</code>) or if the
 illegal header be ignored (<code>false</code>). The default value is
 <code>true</code> which will cause the request to be rejected.
 
 This setting will be removed in Tomcat 11 onwards where it will be
 hard-coded to <code>true</code>.
 </attribute>

 <attribute name="relaxedPathChars" required="false">
 The <a href="https://tools.ietf.org/rfc/rfc7230.txt">HTTP/1.1
 specification</a> requires that certain characters are %nn encoded when
 used in URI paths. Unfortunately, many user agents including all the major
 browsers are not compliant with this specification and use these
 characters in unencoded form. To prevent Tomcat rejecting such requests,
 this attribute may be used to specify the additional characters to allow.
 If not specified, no additional characters will be allowed. The value may
 be any combination of the following characters:
 <code>" < > [ \ ] ^ ` { | }</code> . Any other characters
 present in the value will be ignored.
 </attribute>

 <attribute name="relaxedQueryChars" required="false">
 The <a href="https://tools.ietf.org/rfc/rfc7230.txt">HTTP/1.1
 specification</a> requires that certain characters are %nn encoded when
 used in URI query strings. Unfortunately, many user agents including all
 the major browsers are not compliant with this specification and use these
 characters in unencoded form. To prevent Tomcat rejecting such requests,
 this attribute may be used to specify the additional characters to allow.
 If not specified, no additional characters will be allowed. The value may
 be any combination of the following characters:
 <code>" < > [ \ ] ^ ` { | }</code> . Any other characters
 present in the value will be ignored.
 </attribute>

 <attribute name="restrictedUserAgents" required="false">
 The value is a regular expression (using <code>java.util.regex</code>)
 matching the <code>user-agent</code> header of HTTP clients for which
 HTTP/1.1 or HTTP/1.0 keep alive should not be used, even if the clients
 advertise support for these features.
 The default value is an empty String (regexp matching disabled).
 </attribute>

 <attribute name="server" required="false">
 Overrides the Server header for the http response. If set, the value
 for this attribute overrides any Server header set by a web application.
 If not set, any value specified by the application is used. If the
 application does not specify a value then no Server header is set.
 </attribute>

 <attribute name="serverRemoveAppProvidedValues" required="false">
 If <code>true</code>, any Server header set by a web
 application will be removed. Note that if server is set,
 this attribute is effectively ignored. If not set, the default value of
 <code>false</code> will be used.
 </attribute>

 <attribute name="SSLEnabled" required="false">
 Use this attribute to enable SSL traffic on a connector.
 To turn on SSL handshake/encryption/decryption on a connector
 set this value to <code>true</code>.
 The default value is <code>false</code>.
 When turning this value <code>true</code> you will want to set the
 <code>scheme</code> and the <code>secure</code> attributes as well
 to pass the correct <code>request.getScheme()</code> and
 <code>request.isSecure()</code> values to the servlets
 See <a href="#SSL_Support">SSL Support</a> for more information.
 
 </attribute>

 <attribute name="tcpNoDelay" required="false">
 If set to <code>true</code>, the TCP_NO_DELAY option will be
 set on the server socket, which improves performance under most
 circumstances. This is set to <code>true</code> by default.
 </attribute>

 <attribute name="threadPriority" required="false">
 The priority of the request processing threads within the JVM.
 The default value is <code>5</code> (the value of the
 <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
 for the <code>java.lang.Thread</code> class for more details on what
 this priority means. If an executor is associated
 with this connector, this attribute is ignored as the connector will
 execute tasks using the executor rather than an internal thread pool. Note
 that if an executor is configured any value set for this attribute will be
 recorded correctly but it will be reported (e.g. via JMX) as
 <code>-1</code> to make clear that it is not used.
 </attribute>

 <attribute name="throwOnFailure" required="false">
 If the Connector experiences an Exception during a Lifecycle transition
 should the Exception be rethrown or logged? If not specified, the default
 of <code>false</code> will be used. Note that the default can be changed
 by the <code>org.apache.catalina.startup.EXIT_ON_INIT_FAILURE</code>
 system property.
 </attribute>

 <attribute name="useAsyncIO" required="false">
 (bool) Use this attribute to enable or disable usage of the
 asynchronous IO API. The default value is <code>true</code>.
 </attribute>

 <attribute name="useKeepAliveResponseHeader" required="false">
 (bool) Use this attribute to enable or disable the addition of the
 <code>Keep-Alive</code> HTTP response header as described in
 <a href="https://tools.ietf.org/html/draft-thomson-hybi-http-timeout-03">this
 Internet-Draft</a>. The default value is <code>true</code>.
 </attribute>

 <attribute name="useVirtualThreads" required="false">
 (bool) Use this attribute to enable or disable usage of virtual threads
 with the internal executor. If an executor is associated with this
 connector, this attribute is ignored. The default value is
 <code>false</code>.
 </attribute>

 </attributes>

 </subsection>

 <subsection name="Java TCP socket attributes">

 The NIO and NIO2 implementation support the following Java TCP
 socket attributes in addition to the common Connector and HTTP attributes
 listed above.

 <attributes>
 <attribute name="socket.rxBufSize" required="false">
 (int)The socket receive buffer (SO_RCVBUF) size in bytes. JVM default
 used if not set.
 </attribute>
 <attribute name="socket.txBufSize" required="false">
 (int)The socket send buffer (SO_SNDBUF) size in bytes. JVM default
 used if not set. Care should be taken if explicitly setting this value.
 Very poor performance has been observed on some JVMs with values less
 than ~8k.
 </attribute>
 <attribute name="socket.tcpNoDelay" required="false">
 (bool)This is equivalent to standard attribute
 tcpNoDelay.
 </attribute>
 <attribute name="socket.soKeepAlive" required="false">
 (bool)Boolean value for the socket's keep alive setting
 (SO_KEEPALIVE). JVM default used if not set.
 </attribute>
 <attribute name="socket.ooBInline" required="false">
 (bool)Boolean value for the socket OOBINLINE setting. JVM default
 used if not set.
 </attribute>
 <attribute name="socket.soReuseAddress" required="false">
 (bool)Boolean value for the sockets reuse address option
 (SO_REUSEADDR). JVM default used if not set.
 </attribute>
 <attribute name="socket.soLingerOn" required="false">
 (bool)Boolean value for the sockets so linger option (SO_LINGER).
 A value for the standard attribute connectionLinger
 that is >=0 is equivalent to setting this to <code>true</code>.
 A value for the standard attribute connectionLinger
 that is <0 is equivalent to setting this to <code>false</code>.
 Both this attribute and <code>soLingerTime</code> must be set else the
 JVM defaults will be used for both.
 </attribute>
 <attribute name="socket.soLingerTime" required="false">
 (int)Value in seconds for the sockets so linger option (SO_LINGER).
 This is equivalent to standard attribute
 connectionLinger.
 Both this attribute and <code>soLingerOn</code> must be set else the
 JVM defaults will be used for both.
 </attribute>
 <attribute name="socket.soTimeout" required="false">
 This is equivalent to standard attribute
 connectionTimeout.
 </attribute>
 <attribute name="socket.performanceConnectionTime" required="false">
 (int)The first value for the performance settings. See
 <a href="http://docs.oracle.com/javase/7/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a>.
 All three performance attributes must be set else the JVM defaults will
 be used for all three.
 </attribute>
 <attribute name="socket.performanceLatency" required="false">
 (int)The second value for the performance settings. See
 <a href="http://docs.oracle.com/javase/7/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a>.
 All three performance attributes must be set else the JVM defaults will
 be used for all three.
 </attribute>
 <attribute name="socket.performanceBandwidth" required="false">
 (int)The third value for the performance settings. See
 <a href="http://docs.oracle.com/javase/7/docs/api/java/net/Socket.html#setPerformancePreferences(int,%20int,%20int)">Socket Performance Options</a>.
 All three performance attributes must be set else the JVM defaults will
 be used for all three.
 </attribute>
 <attribute name="socket.unlockTimeout" required="false">
 (int) The timeout for a socket unlock. When a connector is stopped, it will try to release the acceptor thread by opening a connector to itself.
 The default value is <code>250</code> and the value is in milliseconds
 </attribute>
 </attributes>
 </subsection>

 <subsection name="NIO specific configuration">

 The following attributes are specific to the NIO connector.

 <attributes>

 <attribute name="pollerThreadPriority" required="false">
 (int)The priority of the poller threads.
 The default value is <code>5</code> (the value of the
 <code>java.lang.Thread.NORM_PRIORITY</code> constant). See the JavaDoc
 for the <code>java.lang.Thread</code> class for more details on what
 this priority means.
 </attribute>

 <attribute name="selectorTimeout" required="false">
 (int)The time in milliseconds to timeout on a select() for the
 poller. This value is important, since connection clean up is done on
 the same thread, so do not set this value to an extremely high one. The
 default value is <code>1000</code> milliseconds.
 </attribute>

 <attribute name="useSendfile" required="false">
 (bool)Use this attribute to enable or disable sendfile capability.
 The default value is <code>true</code>. Note that the use of sendfile
 will disable any compression that Tomcat may otherwise have performed on
 the response.
 </attribute>

 <attribute name="socket.directBuffer" required="false">
 (bool)Boolean value, whether to use direct ByteBuffers or java mapped
 ByteBuffers. If <code>true</code> then
 <code>java.nio.ByteBuffer.allocateDirect()</code> is used to allocate
 the buffers, if <code>false</code> then
 <code>java.nio.ByteBuffer.allocate()</code> is used. The default value
 is <code>false</code>. 
 When you are using direct buffers, make sure you allocate the
 appropriate amount of memory for the direct memory space. On Sun's JDK
 that would be something like <code>-XX:MaxDirectMemorySize=256m</code>.
 
 </attribute>

 <attribute name="socket.directSslBuffer" required="false">
 (bool)Boolean value, whether to use direct ByteBuffers or java mapped
 ByteBuffers for the SSL buffers. If <code>true</code> then
 <code>java.nio.ByteBuffer.allocateDirect()</code> is used to allocate
 the buffers, if <code>false</code> then
 <code>java.nio.ByteBuffer.allocate()</code> is used. The default value
 is <code>false</code>. 
 When you are using direct buffers, make sure you allocate the
 appropriate amount of memory for the direct memory space. On Oracle's JDK
 that would be something like <code>-XX:MaxDirectMemorySize=256m</code>.
 
 </attribute>

 <attribute name="socket.appReadBufSize" required="false">
 (int)Each connection that is opened up in Tomcat get associated with
 a read ByteBuffer. This attribute controls the size of this buffer. By
 default this read buffer is sized at <code>8192</code> bytes. For lower
 concurrency, you can increase this to buffer more data. For an extreme
 amount of keep alive connections, decrease this number or increase your
 heap size.
 </attribute>

 <attribute name="socket.appWriteBufSize" required="false">
 (int)Each connection that is opened up in Tomcat get associated with
 a write ByteBuffer. This attribute controls the size of this buffer. By
 default this write buffer is sized at <code>8192</code> bytes. For low
 concurrency you can increase this to buffer more response data. For an
 extreme amount of keep alive connections, decrease this number or
 increase your heap size. 
 The default value here is pretty low, you should up it if you are not
 dealing with tens of thousands concurrent connections.
 </attribute>

 <attribute name="socket.bufferPool" required="false">
 (int)The NIOx connector uses a class called NioXChannel that holds
 elements linked to a socket. To reduce garbage collection, the NIOx
 connector caches these channel objects. This value specifies the size of
 this cache. The default value is <code>-2</code>. Special values are
 <code>-1</code> for unlimited cache, <code>0</code> for no cache,
 and <code>-2</code> for a value computed using the bufferPoolSize
 attribute.
 </attribute>

 <attribute name="socket.bufferPoolSize" required="false">
 (int)The NioXChannel pool can also be size based, not used object
 based. If bufferPool is not -2, then this value will not be used. 
 The value is in bytes except for special values. Special values are
 <code>-1</code> for unlimited cache, <code>0</code> for no cache,
 and <code>-2</code> for a value computed as follows: 
 NioXChannel
 <code>buffer size = read buffer size + write buffer size</code> 
 SecureNioXChannel <code>buffer size = application read buffer size +
 application write buffer size + twice the max SNI parse size</code>.
 If the maximum memory as reported by the runtime is greater than
 1GB, then the pool size value is the memory divided by the buffer
 size. Otherwise, it will be 0.
 
 </attribute>

 <attribute name="socket.processorCache" required="false">
 (int)Tomcat will cache SocketProcessor objects to reduce garbage
 collection. The integer value specifies how many objects to keep in the
 cache at most. The default is <code>0</code>. Special values are
 <code>-1</code> for unlimited cache and <code>0</code> for no cache.
 </attribute>

 <attribute name="socket.eventCache" required="false">
 (int)Tomcat will cache PollerEvent objects to reduce garbage
 collection. The integer value specifies how many objects to keep in the
 cache at most. The default is <code>0</code>. Special values are
 <code>-1</code> for unlimited cache and <code>0</code> for no cache.
 </attribute>

 <attribute name="unixDomainSocketPath" required="false">
 Where supported, the path to a Unix Domain Socket that this
 Connector will create and await incoming connections.
 When this is specified, the otherwise mandatory <code>port</code>
 attribute may be omitted.
 See <a href="#Unix_Domain_Socket_Support">Unix Domain Socket Support</a>
 for more information.
 </attribute>

 <attribute name="unixDomainSocketPathPermissions" required="false">
 Where supported, the posix permissions that will be applied to the
 to the Unix Domain Socket specified with
 <code>unixDomainSocketPath</code> above. The
 permissions are specified as a string of nine characters, in three sets
 of three: (r)ead, (w)rite and e(x)ecute for owner, group and others
 respectively. If a permission is not granted, a hyphen is used. If
 unspecified, the permissions default to <code>rw-rw-rw-</code>.
 </attribute>

 <attribute name="useInheritedChannel" required="false">
 (bool)Defines if this connector should inherit an inetd/systemd network socket.
 Only one connector can inherit a network socket. This can option can be
 used to automatically start Tomcat once a connection request is made to
 the systemd super daemon's port.
 The default value is <code>false</code>. See the JavaDoc
 for the <code>java.nio.channels.spi.SelectorProvider</code> class for
 more details.
 </attribute>

 </attributes>
 </subsection>

 <subsection name="NIO2 specific configuration">

 The following attributes are specific to the NIO2 connector.

 <attributes>

 <attribute name="useSendfile" required="false">
 (bool)Use this attribute to enable or disable sendfile capability.
 The default value is <code>true</code>. Note that the use of sendfile
 will disable any compression that Tomcat may otherwise have performed on
 the response.
 </attribute>

 <attribute name="socket.directBuffer" required="false">
 (bool)Boolean value, whether to use direct ByteBuffers or java mapped
 ByteBuffers. If <code>true</code> then
 <code>java.nio.ByteBuffer.allocateDirect()</code> is used to allocate
 the buffers, if <code>false</code> then
 <code>java.nio.ByteBuffer.allocate()</code> is used. The default value
 is <code>false</code>. 
 When you are using direct buffers, make sure you allocate the
 appropriate amount of memory for the direct memory space. On Sun's JDK
 that would be something like <code>-XX:MaxDirectMemorySize=256m</code>.
 
 </attribute>

 <attribute name="socket.directSslBuffer" required="false">
 (bool)Boolean value, whether to use direct ByteBuffers or java mapped
 ByteBuffers for the SSL buffers. If <code>true</code> then
 <code>java.nio.ByteBuffer.allocateDirect()</code> is used to allocate
 the buffers, if <code>false</code> then
 <code>java.nio.ByteBuffer.allocate()</code> is used. The default value
 is <code>false</code>. 
 When you are using direct buffers, make sure you allocate the
 appropriate amount of memory for the direct memory space. On Oracle's JDK
 that would be something like <code>-XX:MaxDirectMemorySize=256m</code>.
 
 </attribute>

 <attribute name="socket.appReadBufSize" required="false">
 (int)Each connection that is opened up in Tomcat get associated with
 a read ByteBuffer. This attribute controls the size of this buffer. By
 default this read buffer is sized at <code>8192</code> bytes. For lower
 concurrency, you can increase this to buffer more data. For an extreme
 amount of keep alive connections, decrease this number or increase your
 heap size.
 </attribute>

 <attribute name="socket.appWriteBufSize" required="false">
 (int)Each connection that is opened up in Tomcat get associated with
 a write ByteBuffer. This attribute controls the size of this buffer. By
 default this write buffer is sized at <code>8192</code> bytes. For low
 concurrency you can increase this to buffer more response data. For an
 extreme amount of keep alive connections, decrease this number or
 increase your heap size. 
 The default value here is pretty low, you should up it if you are not
 dealing with tens of thousands concurrent connections.
 </attribute>

 <attribute name="socket.bufferPool" required="false">
 (int)The NIO2 connector uses a class called Nio2Channel that holds
 elements linked to a socket. To reduce garbage collection, the NIO2
 connector caches these channel objects. This value specifies the size of
 this cache. The default value is <code>500</code>, and represents that
 the cache will hold 500 Nio2Channel objects. Other values are
 <code>-1</code> for unlimited cache and <code>0</code> for no cache.
 </attribute>

 <attribute name="socket.processorCache" required="false">
 (int)Tomcat will cache SocketProcessor objects to reduce garbage
 collection. The integer value specifies how many objects to keep in the
 cache at most. The default is <code>0</code>. Other values are
 <code>-1</code> for unlimited cache and <code>0</code> for no cache.
 </attribute>

 </attributes>
 </subsection>

</section>

<section name="Nested Components">

 Tomcat supports Server Name Indication (SNI). This allows multiple SSL
 configurations to be associated with a single secure connector with the
 configuration used for any given connection determined by the host name
 requested by the client. To facilitate this, the
 SSLHostConfig element was added which can be used to define
 one of these configurations. Any number of SSLHostConfig may
 be nested in a Connector. At the same time, support was added
 for multiple certificates to be associated with a single
 SSLHostConfig. Each SSL certificate is therefore configured
 in a Certificate element within an
 SSLHostConfig. For further information, see the SSL Support
 section below.

 When OpenSSL is providing the TLS implementation, one or more
 OpenSSLConfCmd elements may be nested inside a
 OpenSSLConf element to configure OpenSSL via OpenSSL's
 <code>SSL_CONF</code> API. A single OpenSSLConf element may
 be nested in a SSLHostConfig element. For further
 information, see the SSL Support section below

</section>

<section name="Special Features">

 <subsection name="HTTP/1.1 and HTTP/1.0 Support">

 This Connector supports all of the required features
 of the HTTP/1.1 protocol, as described in RFCs 7230-7235, including persistent
 connections, pipelining, expectations and chunked encoding. If the client
 supports only HTTP/1.0 or HTTP/0.9, the
 Connector will gracefully fall back to supporting this
 protocol as well. No special configuration is required to enable this
 support. The Connector also supports HTTP/1.0
 keep-alive.

 RFC 7230 requires that HTTP servers always begin their responses with
 the highest HTTP version that they claim to support. Therefore, this
 Connector will always return <code>HTTP/1.1</code> at
 the beginning of its responses.

 </subsection>

 <subsection name="HTTP/2 Support">

 HTTP/2 is support is provided for TLS (h2), non-TLS via HTTP upgrade (h2c)
 and direct HTTP/2 (h2c) connections. To enable HTTP/2 support for an HTTP
 connector the following UpgradeProtocol element must be
 nested within the Connector with a
 className attribute of
 <code>org.apache.coyote.http2.Http2Protocol</code>.

<source><![CDATA[<Connector ... >
 <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>]]></source>

 Additional configuration attributes are available. See the
 <a href="http2.html">HTTP/2 Upgrade Protocol</a> documentation for details.

 </subsection>

 <subsection name="Proxy Support">

 The <code>proxyName</code> and <code>proxyPort</code> attributes can
 be used when Tomcat is run behind a proxy server. These attributes
 modify the values returned to web applications that call the
 <code>request.getServerName()</code> and <code>request.getServerPort()</code>
 methods, which are often used to construct absolute URLs for redirects.
 Without configuring these attributes, the values returned would reflect
 the server name and port on which the connection from the proxy server
 was received, rather than the server name and port to whom the client
 directed the original request.

 For more information, see the
 <a href="../proxy-howto.html">Proxy Support How-To</a>.

 </subsection>

 <subsection name="Unix Domain Socket Support">

 When the <code>unixDomainSocketPath</code> attribute is used, connectors
 that support Unix Domain Sockets will bind to the socket at the given path.
 

 For users of Java 16 and higher, support is provided within the NIO
 connectors.
 

 The socket path is created with read and write permissions for all
 users. To protect this socket, place it in a directory with suitable
 permissions appropriately configured to restrict access as required.
 Alternatively, on platforms that support posix permissions, the
 permissions on the socket can be set directly with the
 <code>unixDomainSocketPathPermissions</code> option.
 

 Tomcat will automatically remove the socket on server shutdown. If the
 socket already exists startup will fail. Care must be taken by the
 administrator to remove the socket after verifying that the socket isn't
 already being used by an existing Tomcat process.

 The Unix Domain Socket can be accessed using the
 <code>--unix-socket</code> option of the <code>curl</code> command line
 client, and the Unix Domain Socket support in Apache HTTP server's
 <code>mod_proxy</code> module.
 

 </subsection>

 <subsection name="SSL Support">

 You can enable SSL support for a particular instance of this
 Connector by setting the <code>SSLEnabled</code> attribute to
 <code>true</code>.

 You will also need to set the <code>scheme</code> and <code>secure</code>
 attributes to the values <code>https</code> and <code>true</code>
 respectively, to pass correct information to the servlets.

 The NIO and NIO2 connectors use either the JSSE Java SSL implementation or
 an OpenSSL implementation. As far as possible, common configuration attributes
 are used for both JSSE and OpenSSL.

 Each secure connector must define at least one
 SSLHostConfig. The names of the
 SSLHostConfig elements must be unique and one of them must
 match the <code>defaultSSLHostConfigName</code> attribute of the
 Connector.

 Each SSLHostConfig must in turn define at least one
 Certificate. The types of the Certificates
 must be unique.

 In addition to the standard TLS related request attributes defined in
 section 3.10 of the Servlet specification, Tomcat supports a number of
 additional TLS related attributes. The full list may be found in the <a
 href="http://tomcat.apache.org/tomcat-10.1-doc/api/index.html">SSLSupport
 Javadoc</a>.

 For more information, see the
 <a href="../ssl-howto.html">SSL Configuration How-To</a>.

 </subsection>

 <subsection name="SSL Support - SSLHostConfig">

 

 <attributes>

 <attribute name="certificateRevocationListFile" required="false">
 Name of the file that contains the concatenated certificate revocation
 lists for the certificate authorities. The format is PEM-encoded. If not
 defined, client certificates will not be checked against a certificate
 revocation list (unless an OpenSSL based connector is used and
 certificateRevocationListPath is defined). Relative paths
 will be resolved against <code>$CATALINA_BASE</code>. JSSE based
 connectors may also specify a URL for this attribute.
 </attribute>

 <attribute name="certificateRevocationListPath" required="false">
 OpenSSL only.
 Name of the directory that contains the certificate revocation lists
 for the certificate authorities. The format is PEM-encoded. Relative paths
 will be resolved against <code>$CATALINA_BASE</code>.
 </attribute>

 <attribute name="certificateVerification" required="false">
 Set to <code>required</code> if you want the SSL stack to require a
 valid certificate chain from the client before accepting a connection.
 Set to <code>optional</code> if you want the SSL stack to request a client
 Certificate, but not fail if one isn't presented. Set to
 <code>optionalNoCA</code> if you want client certificates to be optional
 and you don't want Tomcat to check them against the list of trusted CAs.
 If the TLS provider doesn't support this option (OpenSSL does, JSSE does
 not) it is treated as if <code>optional</code> was specified. If
 <code>optionalNoCA</code> is configured then OCSP will also be disabled.
 <code>none</code> value (which is the default) will not require a
 certificate chain unless the client requests a resource protected by a
 security constraint that uses <code>CLIENT-CERT</code> authentication.
 </attribute>

 <attribute name="certificateVerificationDepth" required="false">
 The maximum number of intermediate certificates that will be allowed
 when validating client certificates. If not specified, the default value
 of 10 will be used.
 </attribute>

 <attribute name="caCertificateFile" required="false">
 OpenSSL only.
 Name of the file that contains the concatenated certificates for the
 trusted certificate authorities. The format is PEM-encoded.
 </attribute>

 <attribute name="caCertificatePath" required="false">
 OpenSSL only.
 Name of the directory that contains the certificates for the trusted
 certificate authorities. The format is PEM-encoded.
 </attribute>

 <attribute name="ciphers" required="false">
 The ciphers to enable using the OpenSSL syntax. (See the OpenSSL
 documentation for the list of ciphers supported and the syntax).
 Alternatively, a comma separated list of ciphers using the standard
 OpenSSL cipher names or the standard JSSE cipher names may be used.
 Different versions of OpenSSL may interpret the same cipher string
 differently. For example, the <code>CCM8</code> ciphers were moved from
 <code>HIGH</code> to <code>MEDIUM</code> in OpenSSL 3.2. Regardless of
 the OpenSSL or JSSE version used, Tomcat converts the provided cipher
 value to a list of ciphers in a manner consistent with the latest OpenSSL
 development branch. This list of ciphers is then passed to the SSL
 implementation.
 Only the ciphers that are supported by the SSL implementation will be
 used. Any ciphers in the list derived from a non-default cipher string
 that are not supported by the SSL implementation will be logged in a
 <code>WARNING</code> message when the Connector starts. The warning can be
 avoided by providing an explicit list of ciphers that are supported by the
 configured SSL implementation.
 If not specified, a default (using the OpenSSL notation) of
 <code>HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA</code> will be
 used.
 Note that, by default, the order in which ciphers are defined is
 treated as an order of preference. See <code>honorCipherOrder</code>.
 </attribute>

 <attribute name="disableCompression" required="false">
 OpenSSL only.
 Configures if compression is disabled. The default is
 <code>true</code>. If the OpenSSL version used does not support disabling
 compression then the default for that OpenSSL version will be used.
 </attribute>

 <attribute name="disableSessionTickets" required="false">
 OpenSSL only.
 Disables use of TLS session tickets (RFC 5077) if set to
--> --------------------

--> maximum size reached

--> --------------------

¤ Dauer der Verarbeitung: 0.26 Sekunden (vorverarbeitet) ¤

Download des Quellennavigators
Download des sprechenden Kalenders
in der Quellcodebibliothek suchen

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung ist noch experimentell.