Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-26 Thread Peter Kreuser
Todd,




> On 26.06.2017 at 18:56, Christopher Schultz wrote:
> 
> Todd,
> 
>> On 6/23/17 2:56 PM, Todd wrote:
>> Thank you Peter - I tried that previously, and just to double check
>> tried it again.  No difference at all.  A set of ciphers is being
>> presented that do not match to the cipher list that I've included
>> at all.
>> 
>> Any other ideas as to what could be overriding this list?  As
>> mentioned, some things when edited do take effect, like the
>> protocol selection (I can remove TLS, add SSL, etc.), if I have a
>> syntax error, the server won't start and will give an error, but
>> nothing I put in ciphers seems to work.
> 
> Can you provide a clean configuration that exhibits this behavior?
> 
> What are you using to test the effective configuration?

Another question: are you sure that you hit the Connector that you configure? 
Tomcat should be reasonably configured in defaults with a current JDK...

8443 or the like are not scanned with ssllabs! So it may as well hit an apache 
on the same machine!

Can you show detail on what ssllabs is complaining about?

Best regards

Peter

> - -chris
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 





Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-26 Thread Christopher Schultz
Todd,

On 6/23/17 2:56 PM, Todd wrote:
> Thank you Peter - I tried that previously, and just to double check
> tried it again.  No difference at all.  A set of ciphers is being
> presented that do not match to the cipher list that I've included
> at all.
> 
> Any other ideas as to what could be overriding this list?  As
> mentioned, some things when edited do take effect, like the
> protocol selection (I can remove TLS, add SSL, etc.), if I have a
> syntax error, the server won't start and will give an error, but
> nothing I put in ciphers seems to work.

Can you provide a clean configuration that exhibits this behavior?

What are you using to test the effective configuration?

- -chris



Re: Issue between RewriteValve and DefaultServlet

2017-06-26 Thread Mark Thomas
On 26/06/17 11:22, Jérémie Barthés wrote:
> Thanks for your fast answer
> 
> I would like to extend DefaultServlet to override doDirectoryRedirect
> but the method is private,
> private void doDirectoryRedirect(HttpServletRequest request,
> HttpServletResponse response)
> 
> May this method be protected in following versions?

Unlikely at this point.

> I can't change a header on the way out, after the server started to answer,
> can I?

Correct. The way to handle this is to wrap the response and intercept
the call that sets the location header and modify the value before
calling the wrapped response.

Mark


> 
> Regards
> 
> Jeremie
> 
> PS: I added a custom valve just to put the non-rewritten URI in a request
> attribute, so I can use it if present when doDirectoryRedirect occurs
> 
> 
> On 26/06/2017 at 12:01, Mark Thomas wrote:
>> On 26/06/17 10:55, Jérémie Barthés wrote:
>>> Hi,
>>>
>>> I have an issue between org.apache.catalina.valves.rewrite.RewriteValve
>>> and org.apache.catalina.servlets.DefaultServlet
>>>
>>> If my request is forwarded by the RewriteValve and then passes into
>>> doDirectoryRedirect in DefaultServlet to be redirected, the hidden
>>> rewritten URI is displayed in the browser.
>>>
>>> To test it, try the following example (any Tomcat 8, 8.5 or 9)
>>>
>>> add RewriteValve in conf/server.xml
>>> 
>>>
>>> add rewriteRule in conf/Catalina/localhost/rewrite.config
>>> RewriteRule ^/iWantThisVisible/(.*)$ /examples/$1/
>>>
>>> start tomcat
>>>
>>> go to the following URLs (any internet browser):
>>> http://localhost:8080/iWantThisVisible/servlets
>>> http://localhost:8080/iWantThisVisible/servlets/
>> That behaviour is expected.
>>
>> If you want to stick with the RewriteValve you'll need to write a custom
>> Valve or Filter to modify the HTTP headers on the way out.
>>
>> You might be better off writing a custom Servlet that does a forward.
>>
>> Mark
>>

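The approach Mark describes above (wrap the response and change the redirect target before it reaches the real response), as an added example that is not part of the thread and not Tomcat's own code. It assumes the javax.servlet API of Tomcat 8 to 9, a filter deployed in the web application that receives the rewritten request, and a redirect issued through sendRedirect or a Location header; the class name and request attribute name are hypothetical, and the two prefixes come from the RewriteRule quoted in the thread.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: restores the public prefix in redirects issued for rewritten requests. */
public class PublicLocationFilter implements Filter {
    // Prefixes taken from the RewriteRule in this thread. The attribute name is
    // hypothetical: it stands for the one set by the poster's custom valve.
    static final String PUBLIC_PREFIX = "/iWantThisVisible/";
    static final String INTERNAL_PREFIX = "/examples/";
    static final String ORIGINAL_URI_ATTR = "example.originalUri";

    /** Maps an internal path back to the public one; anything else passes through. */
    static String toPublic(String location) {
        if (location != null && location.startsWith(INTERNAL_PREFIX)) {
            return PUBLIC_PREFIX + location.substring(INTERNAL_PREFIX.length());
        }
        return location; // absolute URLs and unrelated paths are left untouched
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Only wrap when the valve marked the request as rewritten, so direct
        // requests to the internal path keep their normal redirects.
        if (req.getAttribute(ORIGINAL_URI_ATTR) == null) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletResponse wrapped = new HttpServletResponseWrapper((HttpServletResponse) res) {
            @Override public void sendRedirect(String location) throws IOException {
                super.sendRedirect(toPublic(location));
            }
            @Override public void setHeader(String name, String value) {
                super.setHeader(name, "Location".equalsIgnoreCase(name) ? toPublic(value) : value);
            }
            @Override public void addHeader(String name, String value) {
                super.addHeader(name, "Location".equalsIgnoreCase(name) ? toPublic(value) : value);
            }
        };
        // The servlet now writes to the wrapper, so the header is fixed before commit.
        chain.doFilter(req, wrapped);
    }
}
```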


Re: Issue between RewriteValve and DefaultServlet

2017-06-26 Thread Jérémie Barthés

Thanks for your fast answer

I would like to extend DefaultServlet to override doDirectoryRedirect
but the method is private,
private void doDirectoryRedirect(HttpServletRequest request,
HttpServletResponse response)


May this method be protected in following versions?

I can't change a header on the way out, after the server started to answer,
can I?


Regards

Jeremie

PS: I added a custom valve just to put the non-rewritten URI in a request
attribute, so I can use it if present when doDirectoryRedirect occurs



On 26/06/2017 at 12:01, Mark Thomas wrote:
> On 26/06/17 10:55, Jérémie Barthés wrote:
>> Hi,
>>
>> I have an issue between org.apache.catalina.valves.rewrite.RewriteValve
>> and org.apache.catalina.servlets.DefaultServlet
>>
>> If my request is forwarded by the RewriteValve and then passes into
>> doDirectoryRedirect in DefaultServlet to be redirected, the hidden
>> rewritten URI is displayed in the browser.
>>
>> To test it, try the following example (any Tomcat 8, 8.5 or 9)
>>
>> add RewriteValve in conf/server.xml
>>
>>
>> add rewriteRule in conf/Catalina/localhost/rewrite.config
>> RewriteRule ^/iWantThisVisible/(.*)$ /examples/$1/
>>
>> start tomcat
>>
>> go to the following URLs (any internet browser):
>> http://localhost:8080/iWantThisVisible/servlets
>> http://localhost:8080/iWantThisVisible/servlets/
> That behaviour is expected.
>
> If you want to stick with the RewriteValve you'll need to write a custom
> Valve or Filter to modify the HTTP headers on the way out.
>
> You might be better off writing a custom Servlet that does a forward.
>
> Mark




Re: Issue between RewriteValve and DefaultServlet

2017-06-26 Thread Mark Thomas
On 26/06/17 10:55, Jérémie Barthés wrote:
> Hi,
> 
> I have an issue between org.apache.catalina.valves.rewrite.RewriteValve
> and org.apache.catalina.servlets.DefaultServlet
> 
> If my request is forwarded by the RewriteValve and then passes into
> doDirectoryRedirect in DefaultServlet to be redirected, the hidden
> rewritten URI is displayed in the browser.
> 
> To test it, try the following example (any Tomcat 8, 8.5 or 9)
> 
> add RewriteValve in conf/server.xml
> 
> 
> add rewriteRule in conf/Catalina/localhost/rewrite.config
> RewriteRule ^/iWantThisVisible/(.*)$ /examples/$1/
> 
> start tomcat
> 
> go to the following URLs (any internet browser):
> http://localhost:8080/iWantThisVisible/servlets
> http://localhost:8080/iWantThisVisible/servlets/

That behaviour is expected.

If you want to stick with the RewriteValve you'll need to write a custom
Valve or Filter to modify the HTTP headers on the way out.

You might be better off writing a custom Servlet that does a forward.

Mark




Issue between RewriteValve and DefaultServlet

2017-06-26 Thread Jérémie Barthés

Hi,

I have an issue between org.apache.catalina.valves.rewrite.RewriteValve
and org.apache.catalina.servlets.DefaultServlet

If my request is forwarded by the RewriteValve and then passes into
doDirectoryRedirect in DefaultServlet to be redirected, the hidden
rewritten URI is displayed in the browser.

To test it, try the following example (any Tomcat 8, 8.5 or 9)

add RewriteValve in conf/server.xml


add rewriteRule in conf/Catalina/localhost/rewrite.config
RewriteRule ^/iWantThisVisible/(.*)$ /examples/$1/

start tomcat

go to the following URLs (any internet browser):
http://localhost:8080/iWantThisVisible/servlets
http://localhost:8080/iWantThisVisible/servlets/

Regards

Jeremie