DSE Solr uses an embedded Apache Tomcat web server. The settings for the web server are all configured as part of the DSE install and setup. Tomcat uses HTTP connectors to accept incoming HTTP/HTTPS connections, and DSE configures these as required with default settings.
In some cases there may be a requirement to deviate from the default settings. A good example is altering the SSL cipher settings to disable weaker ciphers as part of security requirements.
This note discusses how this is achieved and should serve as a guide to configuring other settings for the default DSE Solr HTTP port.
The Tomcat HTTP connector settings reside in the server.xml file, which is located as follows:
In package installs you'll find it under
In tarball installs it's under
The server.xml file is quite well commented. Note the comments informing the user that once a connector is configured in this file, DSE will not automatically manage the connector settings.
Example of a connector configured for SSL with a required SSL cipher:
<Connector port="8900" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
Once the configuration is done, restart DSE.
If using SSL, the setting can easily be tested with openssl s_client. The example below shows the port being tested with a non-compliant cipher and the connection being rejected:
$ openssl s_client -connect 10.1.2.3:8983 -cipher RC4-SHA
CONNECTED(00000003)
140699447514952:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:744:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 101 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
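Alongside the live handshake test, the edited server.xml can be checked offline for weak entries before DSE is restarted. The following is an added example, not part of the original note or of DSE: it assumes the cipher list is given as a comma-separated list of JSSE names in the Connector's `ciphers` attribute, and the sample XML, the `WEAK_TOKENS` policy and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Name components treated as weak here; an assumption of this example,
# adjust to your own security policy.
WEAK_TOKENS = {"RC4", "DES", "DES40", "3DES", "NULL", "EXPORT", "MD5", "ANON"}

# Constructed sample, not a real DSE server.xml. Keystore attributes omitted.
SAMPLE_SERVER_XML = """<?xml version="1.0"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Solr">
    <Connector port="8983" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA,
                        SSL_RSA_WITH_3DES_EDE_CBC_SHA"/>
    <Connector port="8984" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

def is_weak(cipher):
    """True if any underscore-separated part of a JSSE cipher name is weak."""
    return any(part.upper() in WEAK_TOKENS for part in cipher.split("_"))

def audit_connectors(xml_text):
    """Return one finding per SSL-enabled <Connector> in a server.xml string."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no cipher list to check
        raw = conn.get("ciphers")
        ciphers = [c.strip() for c in (raw or "").split(",") if c.strip()]
        findings.append({
            "port": conn.get("port"),
            # False means no ciphers attribute: default ciphers apply.
            "explicit_ciphers": raw is not None,
            "weak": [c for c in ciphers if is_weak(c)],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

A connector reported with `explicit_ciphers` set to `False` has no restriction of its own, so the live `openssl s_client` test is the only way to see what it actually negotiates.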