RE: urgent problems with tomcat release 8.5.4
Hello Konstantin, This is my first time to ask questions on this site, apologize I'm not sure why my reply been encrypt on tomcat official site, so I just send this reply to you separately to thanks for your help :) Thank you so much for your kindly help, it definitely solved my problem:) Gratitude & have a nice weekend. :) Br/Johnny -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: 2017年12月22日 17:43 To: Tomcat Users List Subject: Re: urgent problems with tomcat release 8.5.4 2017-12-22 5:28 GMT+03:00 CYAG (Johnny Chao Yang): > Hello team, > > > Due to the tomcat 8.0 will closed to its support deadline, so we are going to > upgrade our tomcat version from 8.0 to 8.5.4, as Apache tomcat official > website announced 8.5.x will not stop support so far, but the support time > decides which tomcat version is better for us to choose and it really affect > our IT infrastructure, so could we know approximately how long will Apache > keep support Tomcat release 8.5.x ? > > > Very appreciated for your help & will looking hearing for your feedback. :) > http://www.catb.org/~esr/faqs/smart-questions.html#urgent The current version of Tomcat 8.5 is 8.5.24. https://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5 http://markmail.org/message/c7mxxiokcmf665qy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: urgent problems with tomcat release 8.5.4
Hello Konstantin, This is my first time to ask questions on this site. Thank you so much for your kindly help, it definitely solved my problem:) Gratitude & have a nice weekend. :) -Original Message- > Hello team, > > > Due to the tomcat 8.0 will closed to its support deadline, so we are going to > upgrade our tomcat version from 8.0 to 8.5.4, as Apache tomcat official > website announced 8.5.x will not stop support so far, but the support time > decides which tomcat version is better for us to choose and it really affect > our IT infrastructure, so could we know approximately how long will Apache > keep support Tomcat release 8.5.x ? > > > Very appreciated for your help & will looking hearing for your feedback. :) > http://www.catb.org/~esr/faqs/smart-questions.html#urgent The current version of Tomcat 8.5 is 8.5.24. https://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5 http://markmail.org/message/c7mxxiokcmf665qy
RE: urgent problems with tomcat release 8.5.4
Hello Konstantin, Thank you so much for your kindly help, it definitely solved my problem:) Gratitude & have a nice weekend. :) Br/Johnny -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: 2017年12月22日 17:43 To: Tomcat Users List Subject: Re: urgent problems with tomcat release 8.5.4 2017-12-22 5:28 GMT+03:00 CYAG (Johnny Chao Yang): > Hello team, > > > Due to the tomcat 8.0 will closed to its support deadline, so we are going to > upgrade our tomcat version from 8.0 to 8.5.4, as Apache tomcat official > website announced 8.5.x will not stop support so far, but the support time > decides which tomcat version is better for us to choose and it really affect > our IT infrastructure, so could we know approximately how long will Apache > keep support Tomcat release 8.5.x ? > > > Very appreciated for your help & will looking hearing for your feedback. :) > http://www.catb.org/~esr/faqs/smart-questions.html#urgent The current version of Tomcat 8.5 is 8.5.24. https://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5 http://markmail.org/message/c7mxxiokcmf665qy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
On 22.12.2017 21:02, Eric Robinson wrote: With the exact same Xms and Xmx settings, I get vastly different resident and virtual image sizes from the Linux ps command. tomcatA: jdk1.8.0_152, res: 694312, virt: 5045084 tomcatB: jdk1.6.0_21, res: 332840, virt: 3922656 -Xmx is not all that's determining how much memory the JVM actually allocates. https://jguru.fi/why-is-my-java-process-taking-more-memory-than-i-gave-it.html gives some more hints on factors that have to be taken into account. 32 vs 64 bit architectures might do something to the sizes. And, now that you gave your JVM options in another answer, you're not specifying the GC algorithm and parameters, other than just logging. This means that most likely you're using another algorithm with different parameters, e.g. it might kick in later. Coming back to the linked article: Tomcat might have different default thread pool sizes - I don't know if you explicitly configure them. And I've lost track if the default connectors are different ones between Tomcat 6 and 8, or if you have ex- or implicitly configured them differently (e.g. through using your Linux distribution's implementation and they might have changed it). Unrelated: I like to configure my production servers with identical -Xms and -Xmx, so that they either start or don't start when I'm around (or when the server boots) and not fail to allocate more memory from the OS sunday night at 3am. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
> Eric, > > Just curious how much ram do you have in the server and cpu resources. > > #free -m and # cat /proc/cpuinfo | egrep 'cores|processor' > > (Not to insult your intelligence , I am just specifying what I was curious to > see) > > And it's always easier to copy/paste than to think. > > I see in another thread you went from Java 1.6_xxx to 1.8_xxx > > That could be the whole story right there. > > No offense taken. You're right, copy and paste is easier... [root@app17 alley]# free -m total used free sharedbuffers cached Mem: 64415 58110 6304 0 2938 18382 -/+ buffers/cache: 36789 27626 Swap:15999759 15240 [root@app17 alley]# cat /proc/cpuinfo | egrep 'cores|processor' processor : 0 cpu cores : 6 processor : 1 cpu cores : 6 processor : 2 cpu cores : 6 processor : 3 cpu cores : 6 processor : 4 cpu cores : 6 processor : 5 cpu cores : 6 processor : 6 cpu cores : 6 processor : 7 cpu cores : 6 processor : 8 cpu cores : 6 processor : 9 cpu cores : 6 processor : 10 cpu cores : 6 processor : 11 cpu cores : 6 --Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
Eric, Just curious how much ram do you have in the server and cpu resources. #free -m and # cat /proc/cpuinfo | egrep 'cores|processor' (Not to insult your intelligence , I am just specifying what I was curious to see) And it's always easier to copy/paste than to think. I see in another thread you went from Java 1.6_xxx to 1.8_xxx That could be the whole story right there. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 -Original Message- From: Eric Robinson [mailto:eric.robin...@psmnv.com] Sent: Friday, December 22, 2017 2:59 PM To: Tomcat Users ListSubject: RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6? > > From: Eric Robinson [mailto:eric.robin...@psmnv.com] > > Subject: RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory > > Than > Tomcat 6? > > > if JVM instance "A" is configured as follows on server 1 under > > tomcat6/jdk > 1.6, then > > instance "A" on server 2 is configured the same, except it is > > running > under tomcat > > 8/jdk 1.8. Yet the tomcat 8 ones used 50% more memory, on average. > > > JAVA_OPTS="-Xms16M -Xmx192M \ > > -XX:MaxPermSize=192M \ > > Note that PermGen is no longer used in Java 8, and the above should > log a > warning: > > Java HotSpot(TM) 64-Bit Server VM warning: ignoring option > MaxPermSize=192m; support was removed in 8.0 Great tip, thanks. Unfortunately, I don't think that explains why the exact same Xms and Xmx settings produce vastly different resident and virtual running image sizes under jdk1.8 versus jdk1.6. > It might be leaking. If that were the case, I assume it would manifest under tomcat6/jdk 1.6 as well. Since it does not, I am inclined to think leakage is not the issue. --Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
> > More heap or more native memory? > With the exact same Xms and Xmx settings, I get vastly different resident and virtual image sizes from the Linux ps command. tomcatA: jdk1.8.0_152, res: 694312, virt: 5045084 tomcatB: jdk1.6.0_21, res: 332840, virt: 3922656 --Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
> > From: Eric Robinson [mailto:eric.robin...@psmnv.com] > > Subject: RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than > Tomcat 6? > > > if JVM instance "A" is configured as follows on server 1 under tomcat6/jdk > 1.6, then > > instance "A" on server 2 is configured the same, except it is running > under tomcat > > 8/jdk 1.8. Yet the tomcat 8 ones used 50% more memory, on average. > > > JAVA_OPTS="-Xms16M -Xmx192M \ > > -XX:MaxPermSize=192M \ > > Note that PermGen is no longer used in Java 8, and the above should log a > warning: > > Java HotSpot(TM) 64-Bit Server VM warning: ignoring option > MaxPermSize=192m; > support was removed in 8.0 Great tip, thanks. Unfortunately, I don't think that explains why the exact same Xms and Xmx settings produce vastly different resident and virtual running image sizes under jdk1.8 versus jdk1.6. > It might be leaking. If that were the case, I assume it would manifest under tomcat6/jdk 1.6 as well. Since it does not, I am inclined to think leakage is not the issue. --Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
> From: Eric Robinson [mailto:eric.robin...@psmnv.com] > Subject: RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6? > if JVM instance "A" is configured as follows on server 1 under tomcat6/jdk 1.6, then > instance "A" on server 2 is configured the same, except it is running under tomcat > 8/jdk 1.8. Yet the tomcat 8 ones used 50% more memory, on average. > JAVA_OPTS="-Xms16M -Xmx192M \ > -XX:MaxPermSize=192M \ Note that PermGen is no longer used in Java 8, and the above should log a warning: Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=192m; support was removed in 8.0 Here's a brief overview: https://blogs.oracle.com/poonam/about-g1-garbage-collector,-permanent-genera tion-and-metaspace - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. smime.p7s Description: S/MIME cryptographic signature
RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
Eric, If you have upgraded java along with tomcat then yes that it is very probable. You can restrict how much memory java can use however, if it is consuming too much memory. -Xmx and –Xms startup parameters. However, you may be jeopardizing performance. In this case you can only add more memory. It may also be leaking. Java is a pig get used to it. === Thank You; Chris Cheltenham Technology Services The School District of Philadelphia Work # 215-400-5025 Cell # 215-301-6571 From: Eric Robinson [mailto:eric.robin...@psmnv.com] Sent: Friday, December 22, 2017 2:04 PM To: Tomcat Users ListSubject: RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
RE: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
> On 22.12.2017 13:48, Eric Robinson wrote: > > We have multiple JVMs deployed on two identical Linux servers. Each server > has 60 JVMs. Until today, both servers were running Tomcat6 with JDK 1.6. > Today we upgraded one of the servers to Tomcat 8 with JDK 1.8. Now the JVMs > on the Tomcat 8 server are each using between 20-80% more memory than the > ones on Tomcat6 with JDK 1.6. Is that normal? Why would that be? Is it some > kind of settings? Is it fixable? > > > It might be as simple as different thresholds for the garbage collector to > kick in. > I'd start with an evaluation of how much memory is used right after a GC run - > and in case this isn't satisfactory, which objects use the memory. > Typically it's appropriate to just look at the top of the list. > > Note that the GC algorithms (or just GC defaults) between the different JVM > versions (sometimes even between minor upgrades) might differ significantly. > One big question is: Did you explicitly configure memory consumption, GC > algorithm and thresholds? If so, what's the difference between the two > options: > I'd expect that you need to change the settings significantly in order to > achieve > the same behavior. There's a lot of work that has been done in this world. > > That being said, I'd also not rule out that tomcat's or other component's > implementation changed - e.g. caches, or just memory use through upgraded > libraries. But I'd recommend to look in both directions, with JDK and GC > tuning > being the elephant in the room, giving you the biggest bang for your buck. > > Olaf > The following startup options are typical for our JVMs. The min, max, and permgen settings may differ from JVM to JVM on the same server, but the settings are always identical between servers. In other words, if JVM instance "A" is configured as follows on server 1 under tomcat6/jdk 1.6, then instance "A" on server 2 is configured the same, except it is running under tomcat 8/jdk 1.8. Yet the tomcat 8 ones used 50% more memory, on average. JAVA_OPTS="-Xms16M -Xmx192M \ -XX:MaxPermSize=192M \ -Djvm=$JVM_ID \ -Djava.awt.headless=true \ -Djava.net.preferIPv4Stack=true \ -Duser.timezone=US/Pacific \ -Xloggc:/alley/site098/tomcat8/logs/gc.log -XX:+PrintGCDateStamps -XX:+PrintGCDetails
Re: Apache Tomcat 8.5.24 SSL Configuration
On 12/21/2017 3:24 PM, Thomas Delaney wrote: Thank you for the input so far! I have used both java versions jdk 1.7.0_79 and jdk1.8.0_152 and still receive the same result when running the openssl s_client command I recieved this as the Cipher and SSL version Protocol : TLSv1.2 Cipher: DHE-RSA-AES256-GCM-SHA384 I also get a message saying "verify error:num=20:unable to get local issuer certificate" "Verify return code: 20 (unable to get local issuer certificate)" This may not be a meaningful error. Are you specifying the CAPath or CAFile arguments on the command line? See this page: https://stackoverflow.com/questions/11548336/openssl-verify-return-code-20-unable-to-get-local-issuer-certificate. You did double-check the path and permissions on your various certificate files right? Also, did you inspect your files using openssl? E.G.: openssl x509 -in conf/CA_server_bundle.crt -text You might try running Tomcat with: |-Djavax.net.debug=ssl | |to enable SSL Debugging. I'm not going to lie though, it can be pretty difficult to weed through the tons of content generated.| || On Thu, Dec 21, 2017 at 2:31 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter, On 12/21/17 2:38 AM, l...@kreuser.name wrote: Hi Thomas, Am 21.12.2017 um 00:56 schrieb Thomas Delaney: Greetings, I am having trouble regarding google chrome's behavior to Apache Tomcat's SSL setup. I have been successful getting an ssl website to work with Apache HTTP web server, but not Apache Tomcat 8.5.24 on google chrome. Mozilla Firefox brings me to my site with no problem. When going to https://mydomain.com:8443 I recieve a message from Google Chrome. Google Chrome Error - This site can’t provide a secure connection mydomain.com uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite. When checking Google Chrome's Browser console in the security tab I recieve: Page is not secure Valid certificate secure resources Here is the following background info I have for the configuration I gave Apache Tomcat when setting up the 8443 connector Chrome Version 63.0.3239.108 (Official Build) (64-bit) Linux OS: SUSE Enterprise 12 sp1 Packages installed: - OpenSSL 1.0.2n 7 Dec 2017 - jdk version 1.7.0_79 That may be the culprit. Apparently this (old) version of Java7 will not provide in the default modern ciphers that Chrome requires. And the config is using the JSSE SSL implementation. But as you have TC Native and openssl 1.0.2 you should switch to openssl. This probably isn't the problem since Thomas is using the APR connector. TLS cipher suite support (or lack thereof) from Java 1.7 is not relevant. - tomcat version -> apache-tomcat-8.5.24 - apr-1.6.3 - tomcat-native-1.2.16-src Server.xml apr connector (Certificates are signed from GoDaddy and are placed in the conf directory of Apache Tomcat): This looks okay to me. If you start Tomcat and then use "openssl s_client -connect :", does openssl connect? It should report the protocol and cipher suite being used to connect. If you server is externally-accessible, consider using an external TLS capabilities scanner such as that from Qualys, https://www.ssllabs.com/ssltest/ - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlo8C/0dHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiayA//Ugc6nwLR2yddEvDc eqwBYhDib1AZlx2m2iju1tBngWu8Wr/x+MsHTZq+tTzKqPXrvXeTqd3AiBVZhBFf 8mwGZdf7dmcXZeCYgAVk+p7QxWpPt0hM27KJPeSXNCclrkG3REAPf5XkQBJx6Spr W7/JbejXooYl27D6+iHg+SsaMNnMuq1nPm0kCP1UyEN40bHzWqHfZbtgfi+wrKB+ ldJ/fRzMdUO+FMWosuCteHL5CoDotTUSuztWtjGA/raXgX2UJg1LvKxmhYU8mcA1 noMdpbQX6wYP/XtcKvIplHUJj8UUgZbe5bndDLw7HV2Im3wdN/659GpdAbEBN9EY O1gQRLVIyvO0XuY7RpDP7RNjbw8Sp7H1Y2Ptou3yJ3dezRQz9vi9M8i78OeEEfMp 5ZfxaN+bZoT0WteHpbR243DcFzO+HbShPEiSL0zKlltR2qzWBMXd+9XjjkIU8JeF mfqxdN6HBS5YXOT0IJcd6+uw3FTh2vPEf64K5r4hpIsWxvpmbkYqNIf4GQGuqS7c nm6gsOP6Wd/PiL67mVClJ6cN9LEPEqxs2QivK2/zzBcmYunXQK0GAbi25C5tG9Ha 4zB5VuRo0IjPmEKnRuqfZ2KcOVCQaJFbWgV0dJ9UWb7vO5662hYvSssX7jS6or5e /aq7VBV+GiEaWzZweAi8/k4R3wk= =DEHk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- George S. *MH Software, Inc.* Voice: 303 438 9585 http://www.mhsoftware.com
Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Eric, On 12/22/17 7:48 AM, Eric Robinson wrote: > We have multiple JVMs deployed on two identical Linux servers. > Each server has 60 JVMs. Until today, both servers were running > Tomcat6 with JDK 1.6. Today we upgraded one of the servers to > Tomcat 8 with JDK 1.8. Now the JVMs on the Tomcat 8 server are each > using between 20-80% more memory than the ones on Tomcat6 with JDK > 1.6. Is that normal? Why would that be? Is it some kind of > settings? Is it fixable? More heap or more native memory? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlo9STQdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFgXQhAAnOCilGyuELDsZq+r r25nW+9spA6ilZqB5fLMNJkBNj/93AB9tzVbtwZqMKPvPo2KD78FEBbrqok3UWBz SoISB3EOCB+6dxfOcfm9i+/FRbSfbzd3H6+LcJOl1Fzyoc0/bZfM5BHcCaMkharZ RYp0wfV2raUAiK8DI1xTTFyf380V1KG1MOa6z/jnfneW5sas05OumblbeiGQBV8q 8ZOcJ8qMCYGfw5DMeNjNXZC2MlQuCRkI0B3xr7kVYliZf7Tz2A5xAXC2W7cYAQDE 4VcD6CpYkGZx9/xG1pL4RGc+qUTgCRai9MXV3pVKIc+LAMYHVh4mhYp+iNHeR/8M o8Wn+TueQOjOLp4PeVSTHIHoCRdAZAEySXAPpvmonEvHENgSecUhAEhwtNqqXSTA xRelSG88bfT+LIRIiB4yCmpA/Wctz0D8naSk7VV7PgExKv8yxBswGo5gbXht2byp 4j9jhBn2RQQWDxIU4qoBaD717N0lhnZYtquDAFGSjjMddMK/Ut8TTBXj5/7qZhNQ Gx6szkowKpg+elFbGHexAysT+HJ+rcbnvGtscvvsjmdZWY8FjtYmbChbbMATBDNM FazT8CXqkivy2i/YbmLyLgUzTDo8SlayumAnZZemHZcPz/kfCk+ZT3sAZjtuw+Jy RmqZ5APR9vpEW3Bkb3Hdmc2LqZo= =nJ1T -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 8.5.24 SSL Configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thomas, On 12/21/17 5:24 PM, Thomas Delaney wrote: > Thank you for the input so far! > > I have used both java versions jdk 1.7.0_79 and jdk1.8.0_152 and > still receive the same result > > when running the openssl s_client command I recieved this as the > Cipher and SSL version Protocol : TLSv1.2 Cipher: > DHE-RSA-AES256-GCM-SHA384 Good, OpenSSL can connect which means that TLS is at least set up properly and running. > I also get a message saying "verify error:num=20:unable to get > local issuer certificate" "Verify return code: 20 (unable to get > local issuer certificate)" That's not a problem, especially if you are using a self-signed certificate or a CA that OpenSSL doesn't recognize. If you can't use SSLLabs's test, you might be able to use this one: https://wiki.apache.org/tomcat/tools/SSLTest.java (and) https://wiki.apache.org/tomcat/tools/SSLUtils.java - -chris > On Thu, Dec 21, 2017 at 2:31 PM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Peter, > > On 12/21/17 2:38 AM, l...@kreuser.name wrote: Hi Thomas, > Am 21.12.2017 um 00:56 schrieb Thomas Delaney >: > > Greetings, > > I am having trouble regarding google chrome's behavior to > Apache Tomcat's SSL setup. I have been successful getting > an ssl website to work with Apache HTTP web server, but not > Apache Tomcat 8.5.24 on google chrome. Mozilla Firefox > brings me to my site with no problem. > > When going to https://mydomain.com:8443 I recieve a message > from Google Chrome. > > Google Chrome Error - This site can’t provide a secure > connection mydomain.com uses an unsupported protocol. > ERR_SSL_VERSION_OR_CIPHER_MISMATCH > > Unsupported protocol The client and server don't support a > common SSL protocol version or cipher suite. > > When checking Google Chrome's Browser console in the > security tab I recieve: Page is not secure Valid > certificate secure resources > > Here is the following background info I have for the > configuration I gave Apache Tomcat when setting up the > 8443 connector > > Chrome Version 63.0.3239.108 (Official Build) (64-bit) > > Linux OS: SUSE Enterprise 12 sp1 > > Packages installed: > > - OpenSSL 1.0.2n 7 Dec 2017 - jdk version 1.7.0_79 That may be the culprit. Apparently this (old) version of Java7 will not provide in the default modern ciphers that Chrome requires. And the config is using the JSSE SSL implementation. But as you have TC Native and openssl 1.0.2 you should switch to openssl. > > This probably isn't the problem since Thomas is using the APR > connector. TLS cipher suite support (or lack thereof) from Java 1.7 > is not relevant. > > - tomcat version -> apache-tomcat-8.5.24 - apr-1.6.3 - > tomcat-native-1.2.16-src > > Server.xml apr connector (Certificates are signed from > GoDaddy and are placed in the conf directory of Apache > Tomcat): > > protocol="org.apache.coyote.http11.Http11AprProtocol" > maxThreads="150" SSLEnabled="true" > defaultSSLHostConfigName=" mydomain.com" > hostName="mydomain.com" protocols="TLSv1,TLSv1.1,TLSv1.2"> > certificateFile="conf/server.crt" > certificateChainFile="conf/CA_server_bundle.crt" type="RSA" > /> > > This looks okay to me. If you start Tomcat and then use "openssl > s_client -connect :", does openssl connect? It > should report the protocol and cipher suite being used to connect. > > If you server is externally-accessible, consider using an external > TLS capabilities scanner such as that from Qualys, > https://www.ssllabs.com/ssltest/ > > -chris >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlo9SQIdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFinRxAAgr+i0PtFCGPAqWJ7 Y0VvfFSGPsQCiUz3qkp9mCiXCl87TLy5PrbpPT9avDyTjjtA1gbl16goc4jtB5zt zcjZuasQkwz9cDMkmlJ4T0USd/TfepJXbssaqi7tLUxFM0dBChoP7uzprO7HF3hE yqGD7nm1YEDcSgVqXrx8FkHA5D9hY1yP47djPkJL9/yxWunc1BqeoJ2JMoXLX7Sx 78LYywT1oYm1fj+UP6wacKDU/6gZINBQsLRmCVkpE4iYlyUnswdo4FChSQb9HTMp pK0nyCVXG4RWPO90qCdSbuTZmIy0WvHxZL9O6CSkBdIycz09nYDVxTQQuyJusrYh 35BGCxzAgRfoj9bu04O6ezXoIpmWXLB48cFu5BrhX2I6/WXy/a9SSCzgaztj9rGS X/9TFrI7DvOkMw0VCI162159QpuzcpRG0H13VGq36ldqdfrQ0DUYSqSwuS36I+2P aIJ2vY6T0P7G5KBg4uqKyTDTwNq5zANRpJqMfQkQHD3fh0tHT35dBWj46aFBtXrq YUT2O99eA459XMGKl6j85d4LU3aSU35EK7xSqUQmWGHpgjDXMcktcF9opV3Tdb1h
Re: getting "BindException: permission denied" exception when trying to change port 8080 to 8090
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Coty, On 12/21/17 3:49 PM, Coty Sutherland wrote: > On Thu, Dec 21, 2017 at 2:45 PM, Alceu R. de Freitas Jr. >wrote: >> Hello Cristopher, I never saw something like that too. I also >> search on Google, all occurrences happened with people trying to >> run Tomcat on privileged ports (<1024). Here is a quick test, >> with port 9090: >> >> [root@localhost ~]# systemctl stop tomcat [root@localhost ~]# rm >> -f /var/log/tomcat/* [root@localhost ~]# vi >> /etc/tomcat/server.xml [root@localhost ~]# grep -A 2 'Connector >> port="9090"' /etc/tomcat/server.xml > protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443" >> /> [root@localhost ~]# systemctl start tomcat [root@localhost ~]# >> systemctl status tomcat ● tomcat.service - Apache Tomcat Web >> Application Container Loaded: loaded >> (/usr/lib/systemd/system/tomcat.service; disabled; vendor preset: >> disabled) Active: active (running) since Qui 2017-12-21 17:39:57 >> -02; 6s ago Main PID: 4385 (java) CGroup: >> /system.slice/tomcat.service └─4385 /usr/lib/jvm/jre/bin/java >> -classpath >> /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli .jar:/usr/share/java/commons-da... >> >> >> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 PM org.apache.catalina.startup.HostConfig deployDirectory >> Dez 21 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: >> Deployment of web application directory >> /var/lib/tomcat/webapps/manager has finish… in 498 ms Dez 21 >> 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 >> PM org.apache.catalina.startup.HostConfig deployDirectory Dez 21 >> 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: >> Deploying web application directory /var/lib/tomcat/webapps/ROOT >> Dez 21 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 >> 5:40:03 PM org.apache.catalina.startup.TldConfig execute Dez 21 >> 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: At >> least one JAR was scanned for TLDs yet contained no TLDs. Enable >> debug logging …tion time. Dez 21 17:40:03 localhost.localdomain >> server[4385]: dez 21, 2017 5:40:03 PM >> org.apache.catalina.startup.HostConfig deployDirectory Dez 21 >> 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: >> Deployment of web application directory >> /var/lib/tomcat/webapps/ROOT has finished in 534 ms Dez 21 >> 17:40:03 localhost.localdomain server[4385]: dez 21, 2017 5:40:03 >> PM org.apache.catalina.startup.HostConfig deployDirectory Dez 21 >> 17:40:03 localhost.localdomain server[4385]: INFORMAÇÕES: >> Deploying web application directory >> /var/lib/tomcat/webapps/examples Hint: Some lines were >> ellipsized, use -l to show in full. [root@localhost ~]# less >> /var/log/tomcat/catalina.2017-12-21.log GRAVE: Failed to >> initialize end point associated with ProtocolHandler >> ["http-bio-9090"] java.net.BindException: Permissão negada (Bind >> failed) :9090 at >> org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:413) >> >> at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:7 15) >> at >> org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:452) >> >> at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11J sseProtocol.java:119) >> at >> org.apache.catalina.connector.Connector.initInternal(Connector.java:9 78) >> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) >> at >> org.apache.catalina.core.StandardService.initInternal(StandardService .java:560) >> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) >> at >> org.apache.catalina.core.StandardServer.initInternal(StandardServer.j ava:840) >> >> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) >> at org.apache.catalina.startup.Catalina.load(Catalina.java:642) >> at org.apache.catalina.startup.Catalina.load(Catalina.java:667) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:62) >> >> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:498) at >> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:253) at >> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:427) >> Caused by: java.net.BindException: Permissão negada (Bind >> failed) at java.net.PlainSocketImpl.socketBind(Native Method) at >> java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:38 7) >> >> at java.net.ServerSocket.bind(ServerSocket.java:375) >> at java.net.ServerSocket.(ServerSocket.java:237) at >> java.net.ServerSocket.(ServerSocket.java:181) at >> org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(De faultServerSocketFactory.java:49) >> >> at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:400) >> ... 17 more dez 21,
Re: OutOfMemoryError when Uploading Files
On 20/12/17 18:04, Igal @ Lucee.org wrote: > Hello, > > I am troubleshooting a servlet which is used to upload files. Small > files under 25mb are processed properly. Large files over 50mb are > processed properly. Files with size in the range of 25mb -- 50mb fail > with OutOfMemoryError. How consistently? > Unfortunately I do not get a Stack Trace. Instead of a Stack Trace I > only get "Java heap space". > > I know that the FileUpload component has a threshold with default of > 10kb, so that files under 10kb are processed in memory, but files larger > than that are processed using the disk to preserve memory. I do not see > anywhere in the code that the threshold is modified from its default value. > > Is there anywhere else in Tomcat that might have a 50mb threshold for IO > operations? Not that I am aware of. What, exactly, is performing this upload? > Specifically in NioEndpoint since I see this in catalina.out: > > Jul 11, 2017 1:23:29 PM > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor doRun > SEVERE: > java.lang.OutOfMemoryError: Java heap space > > Running Tomcat 8.0.23 (and yes, I would love to upgrade it but this is > for a large organization and I can not update it at this time). > > Am I correct to assume that the error is logged from > https://github.com/apache/tomcat80/blob/TOMCAT_8_0_23/java/org/apache/tomcat/util/net/NioEndpoint.java#L1563 Seems reasonable. Maybe time to attach a profiler and see what happens during a single upload on a test system? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 8.5.24 SSL Configuration
Thomas, > Am 22.12.2017 um 15:38 schrieb Thomas Delaney: > > I apologize for the poor grammar in my last response and extra email. The > site I have setup is internal only. I will not be able to test the site > using SSL Labs. > You may try https://testssl.sh and download the script from there. That works in internal networks. It even simulates connects with different clients (eg Chrome) Peter > On Fri, Dec 22, 2017 at 9:37 AM, Thomas Delaney > wrote: > >> The site is internal so I won't not be able to check via ssllabs >> >>> On Thu, Dec 21, 2017 at 5:36 PM, George S. wrote: >>> On 12/21/2017 3:24 PM, Thomas Delaney wrote: Thank you for the input so far! I have used both java versions jdk 1.7.0_79 and jdk1.8.0_152 and still receive the same result when running the openssl s_client command I recieved this as the Cipher and SSL version Protocol : TLSv1.2 Cipher: DHE-RSA-AES256-GCM-SHA384 I also get a message saying "verify error:num=20:unable to get local issuer certificate" "Verify return code: 20 (unable to get local issuer certificate)" >>> >>> I second Chris Schultz's recommendation that you run the site through the >>> SSL Labs testing site and see what it points out. It's going to check a lot >>> more things right off the bat and display them in an easier format: >>> >>> https://www.ssllabs.com/ssltest/ >>> >>> >>> >>> >>> On Thu, Dec 21, 2017 at 2:31 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 12/21/17 2:38 AM, l...@kreuser.name wrote: >> >> Hi Thomas, >> >> Am 21.12.2017 um 00:56 schrieb Thomas Delaney >>> : >>> >>> Greetings, >>> >>> I am having trouble regarding google chrome's behavior to Apache >>> Tomcat's SSL setup. I have been successful getting an ssl website >>> to work with Apache HTTP web server, but not Apache Tomcat 8.5.24 >>> on google chrome. Mozilla Firefox brings me to my site with no >>> problem. >>> >>> When going to https://mydomain.com:8443 I recieve a message from >>> Google Chrome. >>> >>> Google Chrome Error - This site can’t provide a secure >>> connection mydomain.com uses an unsupported protocol. >>> ERR_SSL_VERSION_OR_CIPHER_MISMATCH >>> >>> Unsupported protocol The client and server don't support a common >>> SSL protocol version or cipher suite. >>> >>> When checking Google Chrome's Browser console in the security tab >>> I recieve: Page is not secure Valid certificate secure resources >>> >>> Here is the following background info I have for the >>> configuration I gave Apache Tomcat when setting up the 8443 >>> connector >>> >>> Chrome Version 63.0.3239.108 (Official Build) (64-bit) >>> >>> Linux OS: SUSE Enterprise 12 sp1 >>> >>> Packages installed: >>> >>> - OpenSSL 1.0.2n 7 Dec 2017 - jdk version 1.7.0_79 >>> >> That may be the culprit. >> >> Apparently this (old) version of Java7 will not provide in the >> default modern ciphers that Chrome requires. And the config is >> using the JSSE SSL implementation. But as you have TC Native and >> openssl 1.0.2 you should switch to openssl. >> > This probably isn't the problem since Thomas is using the APR > connector. TLS cipher suite support (or lack thereof) from Java 1.7 is > not relevant. > > - tomcat version -> apache-tomcat-8.5.24 - apr-1.6.3 - >>> tomcat-native-1.2.16-src >>> >>> Server.xml apr connector (Certificates are signed from GoDaddy >>> and are placed in the conf directory of Apache Tomcat): >>> >>> >> protocol="org.apache.coyote.http11.Http11AprProtocol" >>> maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName=" >>> mydomain.com" > >> protocols="TLSv1,TLSv1.1,TLSv1.2"> >> certificateKeyFile="conf/server.key" >>> certificateFile="conf/server.crt" >>> certificateChainFile="conf/CA_server_bundle.crt" type="RSA" /> >>> >>> >> This looks okay to me. If you start Tomcat and then use "openssl > s_client -connect :", does openssl connect? It should > report the protocol and cipher suite being used to connect. > > If you server is externally-accessible, consider using an external TLS > capabilities scanner such as that from Qualys, > https://www.ssllabs.com/ssltest/ > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlo8C/0dHGNocmlzQGNo >
Re: Apache Tomcat 8.5.24 SSL Configuration
I apologize for the poor grammar in my last response and extra email. The site I have setup is internal only. I will not be able to test the site using SSL Labs. On Fri, Dec 22, 2017 at 9:37 AM, Thomas Delaneywrote: > The site is internal so I won't not be able to check via ssllabs > > On Thu, Dec 21, 2017 at 5:36 PM, George S. wrote: > >> On 12/21/2017 3:24 PM, Thomas Delaney wrote: >> >>> Thank you for the input so far! >>> >>> I have used both java versions jdk 1.7.0_79 and jdk1.8.0_152 and still >>> receive the same result >>> >>> when running the openssl s_client command I recieved this as the Cipher >>> and >>> SSL version >>> Protocol : TLSv1.2 >>> Cipher: DHE-RSA-AES256-GCM-SHA384 >>> >>> I also get a message saying "verify error:num=20:unable to get local >>> issuer certificate" >>> "Verify return code: 20 (unable to get local issuer certificate)" >>> >> >> I second Chris Schultz's recommendation that you run the site through the >> SSL Labs testing site and see what it points out. It's going to check a lot >> more things right off the bat and display them in an easier format: >> >> https://www.ssllabs.com/ssltest/ >> >> >> >> >> >>> On Thu, Dec 21, 2017 at 2:31 PM, Christopher Schultz < >>> ch...@christopherschultz.net> wrote: >>> >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Peter, On 12/21/17 2:38 AM, l...@kreuser.name wrote: > Hi Thomas, > > Am 21.12.2017 um 00:56 schrieb Thomas Delaney >> : >> >> Greetings, >> >> I am having trouble regarding google chrome's behavior to Apache >> Tomcat's SSL setup. I have been successful getting an ssl website >> to work with Apache HTTP web server, but not Apache Tomcat 8.5.24 >> on google chrome. Mozilla Firefox brings me to my site with no >> problem. >> >> When going to https://mydomain.com:8443 I recieve a message from >> Google Chrome. >> >> Google Chrome Error - This site can’t provide a secure >> connection mydomain.com uses an unsupported protocol. >> ERR_SSL_VERSION_OR_CIPHER_MISMATCH >> >> Unsupported protocol The client and server don't support a common >> SSL protocol version or cipher suite. >> >> When checking Google Chrome's Browser console in the security tab >> I recieve: Page is not secure Valid certificate secure resources >> >> Here is the following background info I have for the >> configuration I gave Apache Tomcat when setting up the 8443 >> connector >> >> Chrome Version 63.0.3239.108 (Official Build) (64-bit) >> >> Linux OS: SUSE Enterprise 12 sp1 >> >> Packages installed: >> >> - OpenSSL 1.0.2n 7 Dec 2017 - jdk version 1.7.0_79 >> > That may be the culprit. > > Apparently this (old) version of Java7 will not provide in the > default modern ciphers that Chrome requires. And the config is > using the JSSE SSL implementation. But as you have TC Native and > openssl 1.0.2 you should switch to openssl. > This probably isn't the problem since Thomas is using the APR connector. TLS cipher suite support (or lack thereof) from Java 1.7 is not relevant. - tomcat version -> apache-tomcat-8.5.24 - apr-1.6.3 - >> tomcat-native-1.2.16-src >> >> Server.xml apr connector (Certificates are signed from GoDaddy >> and are placed in the conf directory of Apache Tomcat): >> >> > protocol="org.apache.coyote.http11.Http11AprProtocol" >> maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName=" >> mydomain.com" > > protocols="TLSv1,TLSv1.1,TLSv1.2"> > certificateKeyFile="conf/server.key" >> certificateFile="conf/server.crt" >> certificateChainFile="conf/CA_server_bundle.crt" type="RSA" /> >> >> > This looks okay to me. If you start Tomcat and then use "openssl s_client -connect :", does openssl connect? It should report the protocol and cipher suite being used to connect. If you server is externally-accessible, consider using an external TLS capabilities scanner such as that from Qualys, https://www.ssllabs.com/ssltest/ - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlo8C/0dHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiayA//Ugc6nwLR2yddEvDc eqwBYhDib1AZlx2m2iju1tBngWu8Wr/x+MsHTZq+tTzKqPXrvXeTqd3AiBVZhBFf 8mwGZdf7dmcXZeCYgAVk+p7QxWpPt0hM27KJPeSXNCclrkG3REAPf5XkQBJx6Spr W7/JbejXooYl27D6+iHg+SsaMNnMuq1nPm0kCP1UyEN40bHzWqHfZbtgfi+wrKB+ ldJ/fRzMdUO+FMWosuCteHL5CoDotTUSuztWtjGA/raXgX2UJg1LvKxmhYU8mcA1 noMdpbQX6wYP/XtcKvIplHUJj8UUgZbe5bndDLw7HV2Im3wdN/659GpdAbEBN9EY
Re: Apache Tomcat 8.5.24 SSL Configuration
The site is internal so I won't not be able to check via ssllabs On Thu, Dec 21, 2017 at 5:36 PM, George S.wrote: > On 12/21/2017 3:24 PM, Thomas Delaney wrote: > >> Thank you for the input so far! >> >> I have used both java versions jdk 1.7.0_79 and jdk1.8.0_152 and still >> receive the same result >> >> when running the openssl s_client command I recieved this as the Cipher >> and >> SSL version >> Protocol : TLSv1.2 >> Cipher: DHE-RSA-AES256-GCM-SHA384 >> >> I also get a message saying "verify error:num=20:unable to get local >> issuer certificate" >> "Verify return code: 20 (unable to get local issuer certificate)" >> > > I second Chris Schultz's recommendation that you run the site through the > SSL Labs testing site and see what it points out. It's going to check a lot > more things right off the bat and display them in an easier format: > > https://www.ssllabs.com/ssltest/ > > > > > >> On Thu, Dec 21, 2017 at 2:31 PM, Christopher Schultz < >> ch...@christopherschultz.net> wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA256 >>> >>> Peter, >>> >>> On 12/21/17 2:38 AM, l...@kreuser.name wrote: >>> Hi Thomas, Am 21.12.2017 um 00:56 schrieb Thomas Delaney > : > > Greetings, > > I am having trouble regarding google chrome's behavior to Apache > Tomcat's SSL setup. I have been successful getting an ssl website > to work with Apache HTTP web server, but not Apache Tomcat 8.5.24 > on google chrome. Mozilla Firefox brings me to my site with no > problem. > > When going to https://mydomain.com:8443 I recieve a message from > Google Chrome. > > Google Chrome Error - This site can’t provide a secure > connection mydomain.com uses an unsupported protocol. > ERR_SSL_VERSION_OR_CIPHER_MISMATCH > > Unsupported protocol The client and server don't support a common > SSL protocol version or cipher suite. > > When checking Google Chrome's Browser console in the security tab > I recieve: Page is not secure Valid certificate secure resources > > Here is the following background info I have for the > configuration I gave Apache Tomcat when setting up the 8443 > connector > > Chrome Version 63.0.3239.108 (Official Build) (64-bit) > > Linux OS: SUSE Enterprise 12 sp1 > > Packages installed: > > - OpenSSL 1.0.2n 7 Dec 2017 - jdk version 1.7.0_79 > That may be the culprit. Apparently this (old) version of Java7 will not provide in the default modern ciphers that Chrome requires. And the config is using the JSSE SSL implementation. But as you have TC Native and openssl 1.0.2 you should switch to openssl. >>> This probably isn't the problem since Thomas is using the APR >>> connector. TLS cipher suite support (or lack thereof) from Java 1.7 is >>> not relevant. >>> >>> - tomcat version -> apache-tomcat-8.5.24 - apr-1.6.3 - > tomcat-native-1.2.16-src > > Server.xml apr connector (Certificates are signed from GoDaddy > and are placed in the conf directory of Apache Tomcat): > > protocol="org.apache.coyote.http11.Http11AprProtocol" > maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName=" > mydomain.com" > protocols="TLSv1,TLSv1.1,TLSv1.2"> certificateKeyFile="conf/server.key" > certificateFile="conf/server.crt" > certificateChainFile="conf/CA_server_bundle.crt" type="RSA" /> > > This looks okay to me. If you start Tomcat and then use "openssl >>> s_client -connect :", does openssl connect? It should >>> report the protocol and cipher suite being used to connect. >>> >>> If you server is externally-accessible, consider using an external TLS >>> capabilities scanner such as that from Qualys, >>> https://www.ssllabs.com/ssltest/ >>> >>> - -chris >>> -BEGIN PGP SIGNATURE- >>> Comment: GPGTools - http://gpgtools.org >>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >>> >>> iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlo8C/0dHGNocmlzQGNo >>> cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFiayA//Ugc6nwLR2yddEvDc >>> eqwBYhDib1AZlx2m2iju1tBngWu8Wr/x+MsHTZq+tTzKqPXrvXeTqd3AiBVZhBFf >>> 8mwGZdf7dmcXZeCYgAVk+p7QxWpPt0hM27KJPeSXNCclrkG3REAPf5XkQBJx6Spr >>> W7/JbejXooYl27D6+iHg+SsaMNnMuq1nPm0kCP1UyEN40bHzWqHfZbtgfi+wrKB+ >>> ldJ/fRzMdUO+FMWosuCteHL5CoDotTUSuztWtjGA/raXgX2UJg1LvKxmhYU8mcA1 >>> noMdpbQX6wYP/XtcKvIplHUJj8UUgZbe5bndDLw7HV2Im3wdN/659GpdAbEBN9EY >>> O1gQRLVIyvO0XuY7RpDP7RNjbw8Sp7H1Y2Ptou3yJ3dezRQz9vi9M8i78OeEEfMp >>> 5ZfxaN+bZoT0WteHpbR243DcFzO+HbShPEiSL0zKlltR2qzWBMXd+9XjjkIU8JeF >>> mfqxdN6HBS5YXOT0IJcd6+uw3FTh2vPEf64K5r4hpIsWxvpmbkYqNIf4GQGuqS7c >>> nm6gsOP6Wd/PiL67mVClJ6cN9LEPEqxs2QivK2/zzBcmYunXQK0GAbi25C5tG9Ha >>> 4zB5VuRo0IjPmEKnRuqfZ2KcOVCQaJFbWgV0dJ9UWb7vO5662hYvSssX7jS6or5e >>> /aq7VBV+GiEaWzZweAi8/k4R3wk= >>> =DEHk >>> -END PGP SIGNATURE- >>> >>>
Re: Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
On 22.12.2017 13:48, Eric Robinson wrote: We have multiple JVMs deployed on two identical Linux servers. Each server has 60 JVMs. Until today, both servers were running Tomcat6 with JDK 1.6. Today we upgraded one of the servers to Tomcat 8 with JDK 1.8. Now the JVMs on the Tomcat 8 server are each using between 20-80% more memory than the ones on Tomcat6 with JDK 1.6. Is that normal? Why would that be? Is it some kind of settings? Is it fixable? It might be as simple as different thresholds for the garbage collector to kick in. I'd start with an evaluation of how much memory is used right after a GC run - and in case this isn't satisfactory, which objects use the memory. Typically it's appropriate to just look at the top of the list. Note that the GC algorithms (or just GC defaults) between the different JVM versions (sometimes even between minor upgrades) might differ significantly. One big question is: Did you explicitly configure memory consumption, GC algorithm and thresholds? If so, what's the difference between the two options: I'd expect that you need to change the settings significantly in order to achieve the same behavior. There's a lot of work that has been done in this world. That being said, I'd also not rule out that tomcat's or other component's implementation changed - e.g. caches, or just memory use through upgraded libraries. But I'd recommend to look in both directions, with JDK and GC tuning being the elephant in the room, giving you the biggest bang for your buck. Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Is it Normal for Tomcat 8 to Use 20-80% More Memory Than Tomcat 6?
We have multiple JVMs deployed on two identical Linux servers. Each server has 60 JVMs. Until today, both servers were running Tomcat6 with JDK 1.6. Today we upgraded one of the servers to Tomcat 8 with JDK 1.8. Now the JVMs on the Tomcat 8 server are each using between 20-80% more memory than the ones on Tomcat6 with JDK 1.6. Is that normal? Why would that be? Is it some kind of settings? Is it fixable? --Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: urgent problems with tomcat release 8.5.4
2017-12-22 5:28 GMT+03:00 CYAG (Johnny Chao Yang): > Hello team, > > > Due to the tomcat 8.0 will closed to its support deadline, so we are going to > upgrade our tomcat version from 8.0 to 8.5.4, as Apache tomcat official > website announced 8.5.x will not stop support so far, but the support time > decides which tomcat version is better for us to choose and it really affect > our IT infrastructure, so could we know approximately how long will Apache > keep support Tomcat release 8.5.x ? > > > Very appreciated for your help & will looking hearing for your feedback. :) > http://www.catb.org/~esr/faqs/smart-questions.html#urgent The current version of Tomcat 8.5 is 8.5.24. https://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q5 http://markmail.org/message/c7mxxiokcmf665qy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org