-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 9/7/2009 10:18 AM, sunil chandran wrote:
Hello all,
As per the suggestion from tomcat forum users,I went ahead and installed
tomcat4.1.40
Then i copied the original webapps file from the back up tomcat (old version).
I tried to start
: Christopher Schultz ch...@christopherschultz.net
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Friday, 14 August, 2009, 7:55 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/13/2009 1:11 AM, sunil chandran wrote:
Now installing
sunil chandran wrote:
Hello all,
As per the suggestion from tomcat forum users,I went ahead and installed
tomcat4.1.40
Then i copied the original webapps file from the back up tomcat (old version).
I tried to start the server. It shows this error
Sep 7, 2009 10:13:11 PM
: Christopher Schultz ch...@christopherschultz.net
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Friday, 14 August, 2009, 7:55 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/13/2009 1:11 AM, sunil chandran wrote:
Now installing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/13/2009 1:11 AM, sunil chandran wrote:
Now installing tomcat 4.1.40 what all changes will be required in my sevice..
no change in application?
You are very unlikely to require any webapp changes.
maybe installation and
investing in some Tomcat training/books/tutorials.
p
--- On Wed, 12/8/09, Christopher Schultzch...@christopherschultz.net wrote:
From: Christopher Schultzch...@christopherschultz.net
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users Listusers@tomcat.apache.org
Date: Wednesday
configuration has changed
See the docs for the details.
Mark
--- On Mon, 10/8/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
From: Caldarale, Charles R chuck.caldar...@unisys.com
Subject: RE: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users
is no longer used
- Resource configuration has changed
See the docs for the details.
Mark
--- On Mon, 10/8/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
From: Caldarale, Charles R chuck.caldar...@unisys.com
Subject: RE: avoiding ssl vulnerabilities in tomcat
From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
Subject: Re: avoiding ssl vulnerabilities in tomcat
As per the team, it is recommended to go for Tomcat 5
in our environment.
Why would you waste your time with Tomcat 5? If you're going to upgrade from
4, move to the version that's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/12/2009 3:12 AM, sunil chandran wrote:
The issue is SSL vulnerability. from the responses, i understood that
i need to upgrade to tomcat latest version. As per the team, it is
recommended to go for Tomcat 5 in our environment.
With
/OpenSSL connector.
Correct?
Jeff
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, August 12, 2009 9:46 AM
To: Tomcat Users List
Subject: Re: avoiding ssl vulnerabilities in tomcat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff,
(Strange... to me, your message looked like an attachment to the
security notice that would typically be put at the end of a message.
When I tried to reply to that, all the characters got all wonky. At
least coy-paste still works :)
On
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.
Subject: RE: avoiding ssl vulnerabilities in tomcat
Date: Wed, 12 Aug 2009 09:51:30 -0500
From: jeffrey.jan
Chris -
(I just did a reply in Outlook and this is how it got packaged. Didn't look
that way to me, but got it that way on the send-back. Either Exchange or my
email filter - which adds the confidentialiy footer - did this.)
I figured it was only with the regular. Just wanted a clarification
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Wednesday, 12 August, 2009, 8:15 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/12/2009 3:12 AM, sunil chandran wrote:
The issue is SSL vulnerability. from the responses, i
...@christopherschultz.net
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Wednesday, 12 August, 2009, 8:15 PM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/12/2009 3:12 AM, sunil chandran wrote:
The issue is SSL vulnerability. from the responses, i
ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 10 August, 2009, 7:10 PM
From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
Subject: Re: avoiding ssl vulnerabilities in tomcat
Is there any patch provided so that i can still use the same version
, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
From: Caldarale, Charles R chuck.caldar...@unisys.com
Subject: RE: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 10 August, 2009, 7:10 PM
From: sunil chandran [mailto:sunilonweb2
for anonymous authentication
Please tell me what exactly i must do in tomcat 4 to avoid this ssl
vulnerabilties.
Please help.
regardsSunil C
--- On Tue, 4/8/09, Mark Thomas ma...@apache.org wrote:
From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users
in 4.1.32 if you must stay on 4.1.x then you should upgrade to
4.1.40.
Mark
regardsSunil C
--- On Tue, 4/8/09, Mark Thomas ma...@apache.org wrote:
From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date
...@apache.org wrote:
From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 10 August, 2009, 3:37 PM
sunil chandran wrote:
Hello all,
I found this issue form support team:
THREAT:
The Secure
Socket Layer (SSL
From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
Subject: Re: avoiding ssl vulnerabilities in tomcat
Is there any patch provided so that i can still use the same version
4.1.24 itself.
No, you *must* upgrade. Your reluctance to do so borders on the ridiculous.
- Chuck
Hello all,
there are some vulnerability existing on my server:
SSL Server Allows Cleartext Communication Vulnerability
soultion provided by the team was:
SOLUTION:
Disable support for anonymous authentication.
SOLUTION:
Disable ciphers which support cleartext communication.
These
sunil chandran wrote:
there are some vulnerability existing on my server:
SSL Server Allows Cleartext Communication Vulnerability
snip/
Can someone help me identify the place in server.xml file to avoid these
vulnerabilties.
You didn't say which Tomcat version so I am going to assume
or “none”.
please help me.
regards
Sunil C
--- On Tue, 4/8/09, Mark Thomas ma...@apache.org wrote:
From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Tuesday, 4 August, 2009, 2:42 PM
sunil chandran
me.
regards
Sunil C
--- On Tue, 4/8/09, Mark Thomas ma...@apache.org wrote:
From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Tuesday, 4 August, 2009, 2:42 PM
sunil chandran wrote
sunil chandran wrote:
Hello sir,
I am sorry. I am using tomcat 4
Tomcat 4 is no longer supported. You *really* need to upgrade.
!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --
Connector className=org.apache.coyote.tomcat4.CoyoteConnector
port=8443
27 matches
Mail list logo