There are possible NullPointerException-s in org.apache.coyote.http11.AbstractHttp11Protocol's getSSLProtocol() and getSslEnabledProtocols() methods. In both methods if the SSL host configuration does not contain an "enabledProtocols" configuration the following line causes NPE: StringUtils.join(this.defaultSSLHostConfig.getEnabledProtocols()) Easy repro step is running the following code: public static void main(String[] args) { Http11Nio2Protocol protocol = new Http11Nio2Protocol(); protocol.getSSLProtocol(); }
PR for this bug - https://github.com/apache/tomcat/pull/83
Thanks for the report. This has been fixed in: - 9.0.x for 9.0.2 onwards - 8.5.x for 8.5.24 onwards
Thanks for the quick reaction guys!