Tomcat 5.5.26 with the following <Connector> configuration (which is identical to that provided in the example server.xml that ships with TC 5.5.26 plus the secure="true" attribute):

    <Connector port="8080" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"
               secure="true" />

I get the following exception:

    java.io.FileNotFoundException: /home/chris/.keystore (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:106)
        at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:284)

Removing the secure="true" attribute results in a successful startup (as expected).

Tomcat 6.0.18 with the following <Connector> configuration (which is the default that ships with TC 6.0.18 plus the secure="true" attribute):

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443"
               secure="true" />

Successful startup. Using HTTP, a test JSP reports that request.isSecure() returns true, which is exactly what Filip claims.

It appears that the behavior of TC 6.0 and 5.5 is not the same. My expectation is that an HTTP Connector configured with secure="true" would result in an HTTP connector being created that returns true for request.isSecure() (as TC 6.x does).

The ability to set secure=true but not use SSL is a new feature in Tomcat 6, and not a bug in 5.5.x.