Over a million developers have joined DZone.

Configure Tomcat 9 for HTTP/2

HTTP/2 removes bottlenecks from client/server communication. With the specification now official, vendor support is become more mature.

· Java Zone

The Java Zone is brought to you by Stormpath—offering a pre-built Identity API for developers. On 11/3 at 10AM PT, join Stormpath Developer Evangelist, Micah Silverman, to dive deep into using JWTs to protect microservices from CSRF and more. Register here!


One of the most important developments in JavaEE 8 will be support for HTTP/2 (now the official RFC 7540). The Java Community Process JSR-369 has been in development for almost 2 years now, and the specification leaders Ed Burns and Shing Wai Chan have done a great job in advancing its progress.

At the time of writing, three server vendors currently support Servlet 4.0: Apache Tomcat 9.0.0.M4, Jetty 9 and WildFly 10.0.0.Final. Let's have a look at how to configure Tomcat 9 to support it.

The Goal of HTTP2

The goal of HTTP/2 is to increase the perceived performance of the web browsing experience.

Why Do We Need HTTP2

A web page has many resources that need to be loaded. In HTTP 1.0, requests for all resources are sent all at once and the server responds to each request. If one of the resources takes extra time, then all other resources are blocked because of head-of-line blocking.

Upgrade From HTTP1.1

Most website are using HTTP1.1. To talk in HTTP/2 you can use the upgrade header (101 switching protocols) to send h2c to the server. The server will upgrade to h2c (c means clear text). Note that at the moment there is no h2c in Firefox or Chrome.

What if it is secure? We can use ALPN, which is a TLS extension. In the handshake you send an extension and the server will determine that the communication is h2.

Download Tomcat 9

Download the appropriate binary distribution of Tomcat 9 for your system and install by unpacking the bundle. Ensure that you have Java 8 SE installed.

Generate Certificate With OpenSSL

As we have discussed above, it is required to configure TLS to use HTTP/2 because of the lack of clear text support for Firefox and Chrome. For TLS we need a certificate. If you don’t already have a certificate you can generate one with OpenSSL.

Configure server.xml

One of the changes in Tomcat 9 is that TLS virtual hosting and multiple certificates are supported for a single connector, with each virtual host able to support multiple certificates.

Open the conf/server.xml file and make the following configuration changes.

<Connector port="8443"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
<SSLHostConfig honorCipherOrder="false">
<Certificate certificateKeyFile="conf/ca.key"

Restart Tomcat.


To test the configuration visit https://localhost:8443. If you see the Tomcat home page, then you have successfully configured TLS for Tomcat 9. You are now ready to develop using Servlet 4.0.

Watch this space for more tutorials about Servlet 4.0.

If you are interested in the HTTP/2 specification you might be interested in my HTTP/2 specification tutorial.

Building Identity Management, including authentication and authorization? Try Stormpath! Our REST API and robust Java SDK support can eliminate your security risk and can be implemented in minutes. Sign up, and never build auth again!

tomcat,http 2

Published at DZone with permission of Alex Theedom. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}