I'm installing a server that's going to be mostly transferring files over 16MiB, and upload/download speed for individual transfers will be essential, but no more than say 100 connections at once. We have a backend that uses a custom UDP connection, but the failover is to HTTP/TCP so I want to make sure that's fast too.
The web server is Apache Tomcat 9.0 and I've installed the APR library so my SSL connector in $CATALINA_HOME/conf/server.xml is working with either
protocol="org.apache.coyote.http11.Http11NioProtocol"
or
protocol="org.apache.coyote.http11.Http11AprProtocol"
and then
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
But I'm finding conflicting information online about which is a better choice on something like Tomcat 9.0.52. It's running in a Debian 11 VM if that changes anything.
This seems to be related: "Tomcat with APR still says aprConnector is false"
When using HTTPS you actually have 5 choices: NIO+JSSE, NIO+OpenSSL, NIO2+JSSE, NIO2+OpenSSL, APR+OpenSSL.
From a presentation by Jean-Frederic Clere at ApacheCon 2017 you can see that:
Since the default configuration of the AprLifecycleListener is equivalent to:
<Listener SSLEngine="on" FIPSMode="off" SSLRandomSeed="builtin"
useAprConnector="false" useOpenSSL="true"
className="org.apache.catalina.core.AprLifecycleListener"/>
you'll get NIO+OpenSSL by default whenever the Tomcat Native Library is detected in your system.
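The selection rules described in this answer can be checked against a given server.xml. The following is an added example, not code from the original post or from Tomcat; the function name `tls_stacks`, the `native_lib_present` flag and the sample configuration are assumptions made for illustration, and the rules follow the listener defaults quoted above plus the Tomcat 9 connector documentation.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
PREFIX = "org.apache.coyote.http11.Http11"
OPENSSL_IMPL = "org.apache.tomcat.util.net.openssl.OpenSSLImplementation"

# Constructed sample server.xml (not from the original post).
SAMPLE = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  </Service>
</Server>"""

def tls_stacks(server_xml, native_lib_present):
    """Return {port: "IO+TLS"} for every Connector with SSLEnabled="true".

    native_lib_present (hypothetical flag): whether Tomcat Native is loadable
    on the host, which cannot be read from server.xml itself.
    """
    root = ET.fromstring(server_xml)
    listener = next((l for l in root.iter("Listener")
                     if l.get("className") == APR_LISTENER), None)
    # Without the listener or the native library, neither APR nor OpenSSL loads.
    native = listener is not None and native_lib_present
    use_apr = native and listener.get("useAprConnector", "false").lower() == "true"
    use_openssl = native and listener.get("useOpenSSL", "true").lower() == "true"
    result = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        proto = conn.get("protocol", "HTTP/1.1")
        if proto == "HTTP/1.1":  # auto-switching default: APR only if opted in
            io = "APR" if use_apr else "NIO"
        elif proto.startswith(PREFIX) and proto.endswith("Protocol"):
            io = proto[len(PREFIX):-len("Protocol")].upper()  # NIO, NIO2 or APR
        else:
            io = "UNKNOWN"
        impl = conn.get("sslImplementationName")
        if io == "APR":
            tls = "OpenSSL"  # the APR connector has no JSSE option
        elif impl is not None:
            # An explicit setting wins; non-OpenSSL classes are reported as JSSE.
            tls = "OpenSSL" if impl == OPENSSL_IMPL else "JSSE"
        else:
            tls = "OpenSSL" if use_openssl else "JSSE"
        result[conn.get("port")] = io + "+" + tls
    return result

if __name__ == "__main__":
    print(tls_stacks(SAMPLE, native_lib_present=True))
```

Running it against the real file tells you which TLS library's cipher and protocol settings actually apply to each HTTPS port, which matters when auditing the connector.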