top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Tomcat config: 'compression' versus 'SSLDisableCompression'

0 votes
655 views

I was wondering if someone could clarify the difference between the configuration parameters 'compression' versus 'SSLDisableCompression' or point me to some documentation that explains it?

Do they both refer to the same type of compression?

Based on the Tomcat docs I know the former controls whether or not the connector uses gzip compression. Regarding the latter, the Tomcat docs say:
"Disables compression if set to true and OpenSSL supports disabling compression.". Is that referring to a different type of compression?

Here is the behavior I'm seeing:

--compression=on and SSLDisableCompression=false, the responses are gzip'd
--compression=on and SSLDisableCompression=true, the responses are gzip'd
--compression=off and SSLDisableCompression=false, the responses are not gzip'd

Environment:

Tomcat 7.0.40
Java 7
RHEL (Linux)
APR/native connector with SSL
OpenSSL 1.0.0
APR 1.4.8
posted Aug 8, 2013 by Abhay Kulkarni

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote
 Do they both refer to the same type of compression?

No.

Regarding the latter, the Tomcat docs say:  "Disables compression if set to true and OpenSSL supports disabling compression.". Is that referring to a different type of compression?

Yes.

The Tomcat connector implements compression. The SSL/TLS protocol has a separate compression implementation.

I'd guess (no testing to back this up) that you'd be better off with using the connector compression as you can tailor that to the correct mime-types.

I'd also guess that if you have one, enabling the other doesn't buy you much.

answer Aug 8, 2013 by Amit Parthsarthi
Similar Questions
0 votes

Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I noticed that Tomcat native connector version 1.1.22 uses : OpenSSL 0.9.8 which doesn't have the heartbleeding bug, but 1.1.24 and 1.1.29 also include the buggy openssl.

How can I find which version of Tomcat uses which version of Tomcat native connector ? For example, how can I figure out which version of Tomcat native connector is used by Tomcat 7.0 build 47.

+1 vote

I am trying to setup SSL on my replica set, I am creating the CA with the command

openssl req -newkey rsa:2048 -new -x509 -days 36500 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key

My Environment:

MongoDB 3.2.6
Ubuntu 14.04

My replica set have 3 servers, Is thats the correct way to create the CA ?

+2 votes

I am trying to compile httpd-2.4.7 from source, but i get the following error

"#error mod_ssl requires OpenSSL 0.9.8a or later"

But my installed openssl version is openssl-1.0.1e and I have specified it --with-ssl option.
Any suggestions?

+2 votes

Does anyone knows how-to disable SSL v3 in older tomcat version, I have tried to variety solution including sslProtocols or sslEnabledProtocols but it both did not work well, the Firefox I am using to test is only select TLS 1 and result is that I were not able to access the site.

Below is the server information:

Server version: Apache Tomcat/6.0.18
Server built: Jul 22 2008 02:00:36
Server number: 6.0.18.0
OS Name: Windows 2003
OS Version: 5.2
Architecture: x86
JVM Version: 1.6.0-b105
JVM Vendor: Sun Microsystems Inc

...