Description of problem: When Tomcat is updated to version 9.0.13 from the 9.0.10 release initially included with Fedora, TLS (-> OpenSSL, Tomcat Native) stops working due to a library version issue... Version-Release number of selected component (if applicable): tomcat 9.0.13 tomcat-native How reproducible: Always Steps to Reproduce: 1. Update from Tomcat 9.0.10 (Fedora 29 base version) to Tomcat 9.0.13 2. Start Tomcat 3. Errors in logs and TLS doesn't work Actual results: Tomcat unreachable with TLS Expected results: TLS should work Additional info: Relevant log output after update: systemd[1]: Started Apache Tomcat Web Application Container. ... server[6394]: 19-Mar-2019 19:24:32.550 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older version [1.2.17] of the APR based Apache Tomcat Native library is installed, while Tomcat recommends a minimum version of [1.2.18] server[6394]: 19-Mar-2019 19:24:32.553 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library [1.2.17] using APR version [1.6.5]. server[6394]: 19-Mar-2019 19:24:32.553 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. server[6394]: 19-Mar-2019 19:24:32.554 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true] server[6394]: 19-Mar-2019 19:24:32.557 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1b FIPS 26 Feb 2019] ... When handling requests: server[1555]: 18-Mar-2019 03:03:17.915 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-nio-8443"] server[1555]: 18-Mar-2019 03:03:17.918 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 4162 ms server[1555]: 18-Mar-2019 03:03:18.980 SEVERE [https-openssl-nio-8443-exec-4] org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun server[1555]: java.lang.UnsatisfiedLinkError: org.apache.tomcat.jni.SSL.renegotiatePending(J)I server[1555]: at org.apache.tomcat.jni.SSL.renegotiatePending(Native Method) server[1555]: at org.apache.tomcat.util.net.openssl.OpenSSLEngine.getHandshakeStatus(OpenSSLEngine.java:1021) server[1555]: at org.apache.tomcat.util.net.openssl.OpenSSLEngine.wrap(OpenSSLEngine.java:457) server[1555]: at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) server[1555]: at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:440) server[1555]: at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:211) server[1555]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1394) server[1555]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) server[1555]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) server[1555]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) server[1555]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) server[1555]: at java.lang.Thread.run(Thread.java:748) Workaround: downgrade Tomcat to 9.0.10
TLS works find with the following packages in use: # rpm -qa tomcat tomcat-native openssl apr tomcat-9.0.21-2.fc30.noarch tomcat-native-1.2.21-1.fc30.x86_64 openssl-1.1.1c-6.fc30.x86_64 apr-1.6.5-3.fc30.x86_64