Native OpenSSL

Note: This feature requires MailArchiva v6.3.0 or higher and OpenSSL v1.1.

 

By default, MailArchiva manages TLS connections using Java Secure Socket Extension (JSSE). However, a reported issue in the core Java libraries may (in some environments) impact the performance of the server when handling a large number of TLS connections. As a workaround, the use of the OpenSSL v1.1 native library can be enabled. MailArchiva v6.3.0 and higher include JNI integration for Windows, Linux and MacOS X versions of OpenSSL v1.1.

 

From the Ubuntu 16.04 Linux terminal, install OpenSSL as follows:

 

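# Install the compiler toolchain and the OpenSSL development headers
apt-get install build-essential libssl-dev -y
cd /usr/local/src
# Download and unpack the OpenSSL source
wget https://www.openssl.org/source/latest.tar.gz -O openssl-1.1.0.tar.gz
tar -zxvf openssl-1.1.0.tar.gz
# The directory name follows the version inside the archive (1.1.0f here)
cd openssl-1.1.0f
# Build into /usr/local/ssl, with an rpath so the binary loads its own libraries
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib
make && make test
make install
# Move the distribution's openssl binary aside and link the new build in its place
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# Confirm which build is now on the PATH
openssl version
OpenSSL 1.1.0f  25 May 2017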

 

To enable OpenSSL integration in MailArchiva, edit /opt/mailarchiva/server/startserver, and modify CATALINA_OPTS as follows:

 

export CATALINA_OPTS="-Dopenssl=true -Dopenssl.path=/usr/local/ssl/lib -Dversion=enterpriseedition -Xmx2048m -Xms256m"

 

Note: The variable openssl.path must refer to the directory containing the OpenSSL library (here /usr/local/ssl/lib, under the --prefix used in the build above).

 

After successful initialization and startup, /var/opt/mailarchiva/tomcat/catalina.out should contain the following output:

 

26-Jul-2018 12:38:39.217 INFO [localhost-startStop-1] org.wildfly.openssl.SSL.init WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.0h  27 Mar 2018
26-Jul-2018 12:38:39.218 FINE [localhost-startStop-1] org.wildfly.openssl.OpenSSLContextSPI.<init> The version of SSL in use does not support disabling compression
26-Jul-2018 12:38:39.218 FINE [localhost-startStop-1] org.wildfly.openssl.OpenSSLContextSPI.<init> The version of SSL in use does not support disabling session tickets
26-Jul-2018 12:38:39.218 INFO [localhost-startStop-1] com.stimulus.archiva.domain.i.M registered OpenSSL provider
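
One way to check for these lines after a restart, as an added example (not part of the MailArchiva documentation or product). The function names are hypothetical and the embedded sample log is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not MailArchiva code): verify from catalina.out that the
# native OpenSSL provider registered, and report the library version loaded.

# Print the OpenSSL version from the last WFOPENSSL0002 line in log file $1.
openssl_version_from_log() {
    sed -n 's/.*WFOPENSSL0002 OpenSSL Version OpenSSL \([0-9][0-9a-z.]*\).*/\1/p' "$1" | tail -n 1
}

# Return 0 only if the log shows a 1.1.x library AND the provider registration.
check_openssl_provider() {
    log=$1
    ver=$(openssl_version_from_log "$log")
    if [ -z "$ver" ]; then
        echo "FAIL: no WFOPENSSL0002 version line in $log"
        return 1
    fi
    case $ver in
        1.1.*) ;;
        *) echo "FAIL: loaded OpenSSL $ver, expected 1.1.x"; return 1 ;;
    esac
    if ! grep -q 'registered OpenSSL provider' "$log"; then
        echo "FAIL: OpenSSL $ver loaded but provider not registered"
        return 1
    fi
    echo "OK: OpenSSL $ver provider registered"
}

# Constructed sample: two of the log lines shown above, written to file $1.
make_sample_log() {
    cat > "$1" <<'EOF'
26-Jul-2018 12:38:39.217 INFO [localhost-startStop-1] org.wildfly.openssl.SSL.init WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.0h  27 Mar 2018
26-Jul-2018 12:38:39.218 INFO [localhost-startStop-1] com.stimulus.archiva.domain.i.M registered OpenSSL provider
EOF
}

# Usage: sh check_openssl.sh /var/opt/mailarchiva/tomcat/catalina.out
if [ -n "${1:-}" ]; then check_openssl_provider "$1"; fi
```

The check reads the last version line in the file, so on a log that spans several restarts it reports the most recent startup.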
