SSL configuration : getting class(PureTLSImplementation, JSSE15Factory) not found on tomcat startup

StackOverflow https://stackoverflow.com/questions/11427522

Question

I am using tomcat 5.5.30 and configured the same for SSL.Functionality is working fine but I am getting below exception on tomcat start up.

java.lang.ClassNotFoundException: Error loading SSL Implementation org.apache.tomcat.util.net.puretls.PureTLSImplementation :java.lang.ClassNotFoundException: class org.apache.tomcat.util.net.puretls.PureTLSImplementation not found.
    at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:79)
    at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:48)
    at org.apache.tomcat.util.net.SSLImplementation.getInstance(SSLImplementation.java:64)
    at org.apache.coyote.http11.Http11BaseProtocol.checkSocketFactory(Http11BaseProtocol.java:730)
    at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:121)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1002)

and

java.lang.ClassNotFoundException: class org.apache.tomcat.util.net.jsse.JSSE15Factory not found.

I have checked for these classes in tomcat-util.jar but these classes are not present.I am sure that i am using correct and compatible jars which is available in tomcat 5.5.30 bundle.

Any idea why I am getting this issue.Is this a bug in tomcat.

Please help.Thanks in advance.

Was it helpful?

Solution

You should only see those messages if you have debug level logging enabled.

The first message indicates that the optional PureTLS SSL implementation is not available. The source for this integration is still in the source distribution but there is so little interest in it from the Tomcat user community that it has not been distributed in the binary for quite some time.

The second message indicates that the Java 5 JSSE factory is not available. This is because the binary distribution was built with Java 1.4. You can build from source with Java 1.5 to get this factory although I very much doubt you'd notice any difference.

Tomcat will therefore be using the Java 1.4 JSSE factory which is why SSL still works.

Of greater concern should be the security vulnerabilities known to be present in 5.5.30 [1] and the fact that Tomcat 5.5.x will reach End Of Life in less than 3 months [2]. Now would be a really good time to upgrade to Tomcat 7.

[1] http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.30

[2] http://tomcat.apache.org/tomcat-55-eol.html

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top