Native OpenSSL

Note: This feature requires MailArchiva v6.3.0 or higher and OpenSSL v1.1

 

By default, MailArchiva manages TLS connections using Java Secure Socket Extension (JSSE). However, a reported issue in the core Java libraries may (in some environments) impact the performance of the server when handling a large number of TLS connections. As a workaround, the use of the OpenSSL v1.1 native library can be enabled. MailArchiva v6.3.0 and higher include JNI integration for Windows, Linux and MacOS X versions of OpenSSL v1.1.

 

From the Ubuntu 16.04 Linux terminal, install OpenSSL as follows:

 

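# Build prerequisites
apt-get install build-essential libssl-dev -y
cd /usr/local/src
# latest.tar.gz is whatever release openssl.org currently publishes
wget https://www.openssl.org/source/latest.tar.gz -O openssl-1.1.0.tar.gz
tar -zxvf openssl-1.1.0.tar.gz
# The directory name matches the release inside the tarball (1.1.0f here)
cd openssl-1.1.0f
# Install under /usr/local/ssl and embed that library path as the rpath
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib
make && make test
make install
# Move the distribution's binary aside and point /usr/bin/openssl at the new build
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# Expected output:
openssl version
OpenSSL 1.1.0f  25 May 2017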

 

To enable OpenSSL integration in MailArchiva, edit /opt/mailarchiva/server/startserver, and modify CATALINA_OPTS as follows:

 

export CATALINA_OPTS="-Dopenssl=true -Dopenssl.path=/usr/local/ssl/lib -Dversion=enterpriseedition -Xmx2048m -Xms256m"

 

Note: The variable openssl.path must refer to the location of the OpenSSL library. 

 

After successful initialization and startup, /var/opt/mailarchiva/tomcat/catalina.out should contain the following output:

 

26-Jul-2018 12:38:39.217 INFO [localhost-startStop-1] org.wildfly.openssl.SSL.init WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.0h  27 Mar 2018
26-Jul-2018 12:38:39.218 FINE [localhost-startStop-1] org.wildfly.openssl.OpenSSLContextSPI.<init> The version of SSL in use does not support disabling compression
26-Jul-2018 12:38:39.218 FINE [localhost-startStop-1] org.wildfly.openssl.OpenSSLContextSPI.<init> The version of SSL in use does not support disabling session tickets
26-Jul-2018 12:38:39.218 INFO [localhost-startStop-1] com.stimulus.archiva.domain.i.M registered OpenSSL provider
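
As an added example (not MailArchiva's own tooling), the following shell check reads catalina.out-style output and confirms that a 1.1.x library was loaded and that the provider was registered during the most recent startup. The function names are hypothetical, and the embedded sample log reuses the startup lines shown above.

```shell
#!/bin/sh
# Added example: verify from catalina.out that native OpenSSL is really in use.
# Function names are hypothetical helpers, not part of MailArchiva.

# Sample log: startup lines from this page, embedded so the check runs offline.
write_sample_log() {
cat > "$1" <<'EOF'
26-Jul-2018 12:38:39.217 INFO [localhost-startStop-1] org.wildfly.openssl.SSL.init WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.0h  27 Mar 2018
26-Jul-2018 12:38:39.218 FINE [localhost-startStop-1] org.wildfly.openssl.OpenSSLContextSPI.<init> The version of SSL in use does not support disabling compression
26-Jul-2018 12:38:39.218 INFO [localhost-startStop-1] com.stimulus.archiva.domain.i.M registered OpenSSL provider
EOF
}

# Print the library version from the most recent WFOPENSSL0002 line (empty if none).
openssl_loaded_version() {
    sed -n 's/.*WFOPENSSL0002 OpenSSL Version OpenSSL \([^ ]*\).*/\1/p' "$1" | tail -n 1
}

# 0: 1.1.x loaded and provider registered after the latest load line
# 1: no load line found   2: loaded version is not 1.1.x
# 3: library loaded but the provider was not registered afterwards
check_openssl_provider() {
    _ver="$(openssl_loaded_version "$1")"
    case "$_ver" in
        1.1.*) ;;
        "") echo "no WFOPENSSL0002 line found in $1" >&2; return 1 ;;
        *)  echo "unexpected OpenSSL version: $_ver" >&2; return 2 ;;
    esac
    # catalina.out is appended across restarts, so reset state at each load line.
    awk '/WFOPENSSL0002 OpenSSL Version/ { reg = 0 }
         /registered OpenSSL provider/   { reg = 1 }
         END { exit (reg ? 0 : 1) }' "$1" || {
        echo "OpenSSL $_ver loaded but provider not registered" >&2
        return 3
    }
    echo "native OpenSSL $_ver active"
}

# Demo run against the embedded sample.
demo_log="$(mktemp)"
write_sample_log "$demo_log"
check_openssl_provider "$demo_log"
rm -f "$demo_log"
```

On a live server, call check_openssl_provider with /var/opt/mailarchiva/tomcat/catalina.out after a restart; a non-zero exit status means the expected lines were not found.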

 

 
