Re: No traffic after upgrade to Tomcat 8.5.16 (loadbalancing issue)

Hi Bernd, > Am 31.07.2017 um 19:17 schrieb Bernd Wahlen : > > Thanks for your help, > > what do you mean with take it off the server farms first? > > The upgrade process is like this: > stop tomcat > change symlink to new version > start tomcat > >

Re: No traffic after upgrade to Tomcat 8.5.16 (loadbalancing issue)

Bernd, > Am 01.08.2017 um 11:01 schrieb Bernd Wahlen : > > Hi M, Peter and Christoph, > > >Have you tried taking the affected server out completely from the >farm? In > >this way, you have 4 tomcats seen by the loadbalancer. Once >you have done > >the

Re: Where Tomcat webapp contexts live on Debian

I'd assume the service that starts tomcat sets the bin-Dir, that contains a setenv.sh, that has the CATALINA_HOME and BASE env-Varaibles, where you find the context-Files that have a docbase. I'd like to repeat the question: who did this setup? Peter Kreuser > Am 15.08.2017 um 23:45 schr

Re: Where Tomcat webapp contexts live on Debian (NOT off-topic; A LEGITIMATE TECHNICAL QUESTION)

That's what I tried to say... sorry I was maybe not specific enough... Peter > Am 17.08.2017 um 02:29 schrieb James H. H. Lampert : > >> On 8/16/17, 11:43 AM, André Warnier (tomcat) wrote: >> , , , >> So as a start, look at /etc/init.d/tomcat7 on your system, and check

Re: Server giving 404 since upgrade to Tomcat7

Hi all, > Am 25.07.2017 um 21:00 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >>> On 7/25/17 11:14 AM, Peter Flynn wrote: >>> On 24/07/17 11:57, Mark Thomas wrote: >>> On 24/07/17 11:12, Flynn, Peter wrote: >>

[OT]Re: Tomcat server apparently bouncing up and down

Talking nicely and understandingly to it won't help either, I guess... Have a nice weekend Peter > Am 19.08.2017 um 08:31 schrieb André Warnier (tomcat) : > > 3 kids raised, 30 years of programming talking : slap it. > > >

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

Todd, Peter Kreuser Peter Kreuser > Am 26.06.2017 um 18:56 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Todd, > >> On 6/23/17 2:56 PM, Todd wrote: >> Thank you Peter - I

Re: Apache httpd server 2.4.25 binaries for Non Windows platforms

Olaf, Peter Kreuser +49 172 6649346 >> Am 16.06.2017 um 11:14 schrieb Olaf Kock <tom...@olafkock.de>: >> >> Am 16.06.2017 um 08:55 schrieb Prarthana Agwania: >> We have a requirement to package Apache httpd server together with mod_jk >> 1.2.42 and distrib

Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux

Peter Kreuser > Am 21.09.2017 um 18:19 schrieb Sean Dawson <sean.dawson2...@gmail.com>: > > Hello, > > We migrated our application that was running fine on 8.0.37 to 8.5.20 and > on startup we receive: > > java.lang.IllegalArgumentException: java.security.Key

Re: encodeURL, jsessionid and mod_rewrite ?

Peter Kreuser > Am 04.10.2017 um 02:44 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Laurant, > >> On 10/3/17 5:17 PM, Laurent Perez wrote: >> I'm using apache+mod_proxy+mod_re

Re: URL-encoding and "#"

Chris, Peter Kreuser > Am 13.10.2017 um 04:29 schrieb Christopher Schultz > <w...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 10/12/17 8:44 PM, James H. H. Lampert wrote: >> Question: >>

Re: tomcat ssl setup

John, > Am 27.09.2017 um 18:08 schrieb John Ellis : > > > > John Ellis > > 405.285.2500 office > > > > > http://biz-e.io > > > -Original Message- > From: l...@kreuser.name [mailto:l...@kreuser.name] > Sent: Tuesday, September 26, 2017 3:26 PM > To:

Re: Enforcing server preference for cipher suites

Harish, > Am 10.10.2017 um 00:00 schrieb Harish Krishnan : > > Thanks for the response, Chris. > > Below are my answers in order. > To keep the response as short as possible, i have not included the ciphers > list in the connector - > > a) Tomcat 7.0.79 (will be updating

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

Christopher, Peter Kreuser > Am 10.10.2017 um 00:14 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 10/9/17 5:19 PM, Christopher Schultz wrote: >>>

Aw: Trouble with TLS/SSL and Tomcat 8.5.23

Richard, > Gesendet: Mittwoch, 22. November 2017 um 14:40 Uhr > Von: "Richard Tearle" > > An: users@tomcat.apache.org[mailto:users@tomcat.apache.org] > Betreff: Trouble with TLS/SSL and Tomcat 8.5.23 > Hello > >

Re: Activating Tomcat 8.5 APR on RHEL7

Hi Jean-Pierre, > Am 15.01.2018 um 15:45 schrieb Jean Pierre Urkens > : > > I am having problems getting the apr library discovered by Tomcat 8.5. This > is what I tried: > > 1. I installed Tomcat-8.5 on RHEL-7. > 2. As the native tomcat apr

Re: Using Environment variables instead of Java -D properties for context.xml substitution

Algirdas, > Am 23.01.2018 um 13:27 schrieb Algirdas Veitas : > > Andre, my apologies for bringing up a topic that has been repeated ad > nauseum. > > We were thinking of a process like the following, which would eliminate > "the information has to available somewhere in a

Re: Using Environment variables instead of Java -D properties for context.xml substitution

BTW: > Am 23.01.2018 um 13:56 schrieb Peter Kreuser <l...@kreuser.name>: > > Algirdas, > > > >> Am 23.01.2018 um 13:27 schrieb Algirdas Veitas <apvei...@gmail.com>: >> >> Andre, my apologies for bringing up a topic that has been repeated ad

Re: [OT] How does tomcat handle session ids?

: Please also review “session fixation” as a side note to this problem. Peter Kreuser > Am 08.02.2018 um 17:14 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > >> On 2/8/18 4:49 AM

Re: Apache Tomcat 8.5.24 SSL Configuration

Thomas, > Am 22.12.2017 um 15:38 schrieb Thomas Delaney : > > I apologize for the poor grammar in my last response and extra email. The > site I have setup is internal only. I will not be able to test the site > using SSL Labs. > You may try https://testssl.sh and

Re: Outbound SSL?

James, Outbound SSL is usually handled by the underlying Java VM. > Am 29.05.2019 um 20:57 schrieb James H. H. Lampert : > > We have a customer that is running our Tomcat-based webapp, and it is > apparently having trouble accessing a Google web service. > > The error message they're getting

Re: AW: Outbound SSL?

Chris, James > Am 01.06.2019 um 02:30 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 5/31/19 18:41, James H. H. Lampert wrote: >>> On 5/31/19, 3:34 AM, bernd.sch...@daimler.com wrote: >>> You can run a small java program on your jvm to

Re: Minor version upgrades

Dave > Am 10.05.2019 um 17:23 schrieb Dave Ford : > > Hello, > > We've running many instances of Tomcat 8.5 on some dozens of linux > servers. All of this is being managed by Puppet using the puppetforge > tomcat module. > > The Puppet module that deploys tomcat simple checks to see if the

Re: Secure Communication Between Tomcat Servers

Isn‘t that what client certs are for? Https to identify Server A, Client cert to authenticate Server B? Message integrity should then be unnecessary?! Or am I missing a piece? Peter > Am 09.09.2019 um 21:10 schrieb M. Manna : > > Why not use JWT cookies/tokens? You sign your claims and only

Re: Support Request for problem with problem running SSL certificate on tomcat 8

, but as your keystore is causing troubles, I‘m not really able to troubleshoot that. After all, you may have to reread on cert handling with keytool vs. openssl. I prefer the openssl way ;-). Peter Peter Kreuser > Am 06.08.2019 um 19:50 schrieb Munzer Khatib : > > Hi Peter > I dont have

Re: Problem with OpenSSL cipher suites -what's wrong with this configuration?

Jessica, Peter Kreuser > Am 07.08.2019 um 14:33 schrieb Alten, Jessica-Aileen > : > > Dear all, > > I have a problem with the Tomcat 9.0.22 configuration for TLSv1.3 using > jdk8u222-b10_openj9-0.15.1 on Windows Server 2016. In principle TLSv1.3 > works, but I wan

[slighly OT] Re: Apache Vulnerability - Understanding Connector Protocols

Michael, Mark and Chris, > Am 02.08.2019 um 01:40 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Michael, > On 8/1/19 15:21, Michael Osipov wrote: Am 2019-08-01 um 21:19 schrieb Mark Thomas: On 01/08/2019 20:07, Justiniano, Tony wrote:

Re: Support Request for problem with problem running SSL certificate on tomcat 8

Hi, > Am 06.08.2019 um 02:42 schrieb Munzer Khatib : > > Hi > Can you help me with this problem. > Problem: Installing SSL certificate on Apache Tomcat 8.0.36 fails > I am trying to install a new SSL certificate into Apache tomcat 8.0.36.I ran > same steps ran successfully in 2013 and 2016 on

Re: Security issue involving HTTP response headers

Hi James, Peter Kreuser > Am 02.10.2019 um 08:05 schrieb > : > > Tomcat 7.0.63 and above. > > Navigate to the tomcat conf directory and open the web.xml with a text editor. > > In the filter section of the web.xml add the following filter >

Re: Using CsrfPreventionFilter with GET-based submissions

Chris, > > Am 09.11.2019 um 03:58 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All, > > I'm playing with the CsrfPreventionFilter and things are working well > in the following situations: > > link text > > and > > > ... > > > As long as

Re: Using CsrfPreventionFilter with GET-based submissions

Chris, > Am 13.11.2019 um 02:35 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 11/10/19 19:05, Peter Kreuser wrote: >> Chris, >> >>> >>> Am 09.11.2019 um 03:58 schri

Re: Global Error Handling

 Mark, Peter Kreuser >>> Am 03.12.2019 um 14:31 schrieb Mark Thomas : >> On 03/12/2019 12:50, logo wrote: >> Sumit, >> Am 2019-12-03 13:11, schrieb Sumit Bhardwaj: >>> Hi Experts, >>> We have a requirement from a customer, where in case of 404, wh

Re: remote jmx monitoring through ssh tunnel

Chris‘, > Am 10.12.2019 um 18:59 schrieb Chris Cheshire : > > On Tue, Dec 10, 2019 at 11:58 AM Chris Cheshire wrote: >> >>> On Tue, Dec 10, 2019 at 9:42 AM Christopher Schultz >>> wrote: >>> >>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA256 >>> >>> Chris, >>> >>> On 12/9/19 17:10,

Re: UPDATED: JMX reloadSslHostConfigs fails with javax.management.RuntimeOperationsException

Mark, Peter Kreuser >> Am 16.12.2019 um 16:05 schrieb Mark Thomas : >> >> On 16/12/2019 12:55, Mark Thomas wrote: >>> On 15/12/2019 09:33, logo wrote: >> >>> Mark can you confirm that this is a bug? >> Confirmed. >> I'm looking

Re: [OT] Install Comodo SSL in Tomcat

Chris, Peter Kreuser > Am 28.01.2020 um 16:34 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >>>>> On 1/27/20 3:35 PM, logo wrote: >> Could you try >> openssl pkcs12 -export -in my.crt -

Re: [OT] Install Comodo SSL in Tomcat

Chris, > Am 28.01.2020 um 18:02 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 1/28/20 11:30 AM, Peter Kreuser wrote: >> Peter Kreuser >>> Am 28.01.2020 um 16:34 schrieb Christopher

Re: TC8 -> TC9 KeyAlias SSL not supported?

Peter, > Am 13.01.2020 um 16:49 schrieb Peter Rader : > >  >> Peter, >> Can you find what you are looking for here? >> >> > >> ? > > No! There is no such node or any similar content. And there simply can not be > such a node because all the connector-xml-nodes are self-closing as you might

Re: Let's Encrypt with Tomcat?

same that you did for 443 forwarding to redirect 80 to tomcat port 8080. IIKS, hope I was not too confusing??? Peter Peter Kreuser > Am 30.12.2019 um 20:01 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > > On 12/2

Re: Let's Encrypt with Tomcat?

James, > Am 28.12.2019 um 00:33 schrieb James H. H. Lampert : > >  >>> >>> Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt" and >>> ".key" files directly, instead of the Java Keystore file? Correct! > If so, then that could potentially simplify things: if I have HTTPD

Re: Breakthrough, Re: Let's Encrypt with Tomcat?

James, >> Am 06.01.2020 um 22:28 schrieb James H. H. Lampert >> : >> >> I think I found something, with the help of "MLu" on ServerFault: >> >> He advised me to try "iptables -L" and "iptables-save" again, only this time >> "sudo" them. >> >> When I did "iptables -L" under root

Re: Curl problem with reloadSslHostConfigs, Re: Let's Encrypt with Tomcat?

James, > Am 07.01.2020 um 03:11 schrieb James H. H. Lampert : > > Dear Mr. Schultz, et al.: > > The manager password on this Tomcat server has an embedded curly brace, and > an embedded question mark. > > If I do this (the names have been changed to protect the innocent, and the > -k!) >

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

Chris (and Mark), > Am 07.01.2020 um 17:22 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > >> On 1/7/20 4:36 AM, Mark Thomas wrote: >>> On 07/01/2020 07:10, Dennis Rech wrote: >>> POST /foo HTTP/1.1 Host: foo.com POST /foo HTTP/1.1 Host:

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

Mark, maybe this getting offtopic. > Am 07.01.2020 um 18:58 schrieb Mark Thomas : > > On 07/01/2020 16:22, Christopher Schultz wrote: > > > >> Since the Host header seems to be special in this regard (i.e. there >> is no prohibition against multiple Accept headers), might we be >> willing

Re: Let's Encrypt with Tomcat?

Chris, Peter Kreuser > Am 27.12.2019 um 21:14 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > >> > but the idea is that certbot has "plug-ins" and we'd need to > supply a "tomcat" plug-in that d

Re: [OT] Re: Maven Warning. Ubuntu Users

Zahid, you‘re talking to one of the most respected members of the community like this? STFU or leave. This calls for an ban! Peter > Am 08.01.2020 um 06:06 schrieb Zahid Rahman : > >  >> >> A version of what? > MAVEN > MAVEN > MAVEN > > In light of this video https://youtu.be/idViw4anA6E

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

Mark, James > Am 09.04.2020 um 22:14 schrieb Mark Eggers : > > James, > >> On 4/9/2020 12:11 PM, James H. H. Lampert wrote: >>> On 4/6/20 2:13 PM, Mark Eggers wrote: >>> # Secure your proxy - localhost for now - this is IMPORTANT >>> >>>Require ip 127 >>> >> Isn‘t this for CONNECT

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

James, > Am 06.04.2020 um 21:53 schrieb James H. H. Lampert : > > Here is the situation: > > We have an existing Amazon EC2 instance, running Amazon Linux 2, with an > Apache httpd server already running our web sites (for argument's sake, > "foo.com," "bar.com," and "baz.com."), and already

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

Pratik, > Am 25.08.2020 um 12:14 schrieb Pratik Shrestha : > > Hi all, > > Tomcat version: 9.0.37 > > Our website is running on Tomcat. We did Qualys vulnerability scan on our > site. Scan shows below vulnerability. > > Insecure transport > Group: Information Disclosure > CWE CWE-319 > OWASP

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

Mark, Sorry for Top-posting. I’m still wondering what is causing this Qualys finding. I remember times when you got only garbage when you connected with http to https. Probably Qualys was fine with that. Now you get a nice 400 message that helps the user understand his mistake and Qualys

Re: Error in stopping application tomcat !!

Kushagra, > Am 25.07.2020 um 08:12 schrieb Kushagra Bindal : > > One more related changes : > https://bz.apache.org/bugzilla/show_bug.cgi?id=63041 None of the bugzilla entries relate to changes in newer versions. It won‘t be as easy as to search for „ „shutdown“ in either bugzilla or the

Re: Browser complains of "weak signature algorithm" in cert on a new Tomcat installation. Does anybody here know anything about that sort of thing

James, > Am 07.01.2021 um 00:34 schrieb James H. H. Lampert : > > We just had our first Tomcat 8.5 installation on a customer's AS/400. > > The customer apparently has his own CA (they're a big company), and when I > installed SSL in their Tomcat, and tested it with a browser, it complained,

Re: [OT] programming style or mental process ?

All, > Am 05.04.2021 um 14:38 schrieb Christopher Schultz > : > > André, > >> On 4/4/21 06:23, André Warnier (tomcat/perl) wrote: >> Hi. >> I have a question which may be totally off-topic for this list, but this has >> been puzzling me for a while and I figure that someone here may be able

Re: Question about TLS/SSL setup and SSLHostConfig or not

Alex, > Am 02.03.2021 um 23:19 schrieb Alex : > > Hi. > >> On 02.03.21 23:14, John Larsen wrote: >> I usually let the apache webserver or nginx handle the SSL while proxying >> to the tomcat. Unless you need some really fancy rewriting or caching, Tomcat is absolutely capable to handle

Re: Connector Port Issue

Chris, > Am 05.08.2021 um 18:32 schrieb Rob Sargent : > >  >>Caused by: java.lang.IllegalArgumentException: No SSLHostConfig >> element was found with the hostName [_default_] to match the >> defaultSSLHostConfigName for the connector [https-jsse-nio-9443] >> > The ssl-Options are

Re: [OT] Getting TLS handshake details

Chris, > Am 13.04.2022 um 21:37 schrieb Christopher Schultz > : > > All, > > I asked this question a few years ago on SO and I didn't really get an answer: > https://stackoverflow.com/questions/39374024/determine-diffie-hellman-parameters-length-for-a-tls-handshake-in-java > > Does anyone

Re: [OT] Getting TLS handshake details

Chris, > Am 14.04.2022 um 23:21 schrieb Christopher Schultz > : > > Peter, > >> On 4/14/22 03:45, Peter Kreuser wrote: >> Chris, >>>> Am 13.04.2022 um 21:37 schrieb Christopher Schultz >>>> : >>> All, >>> I asked this

Re: CIS Tomcat 8 Benchmark (v1.1.0) -- Questions

Robert, While Mark Thomas will have a more detailled answer to this... The finding behind this test is valid (information disclosure with server version in responses), though the remediation listed here is from looong time ago, when the was no ErrorReportValve to purge the version info. So

Re: HSTS on 401 / error pages

d) !!! BTW: HSTS needs to be evaluated only once and then sticks in the browser! So unless the 401 is the first page ever, this change would not be really necessary. Peter > Am 15.09.2023 um 17:58 schrieb Thomas Hoffmann (Speed4Trade GmbH) > : > > Hello Christ, > >> -Ursprüngliche

Re: Admin password for Tomcat

Jerry, > Am 05.11.2023 um 02:34 schrieb Brian Wolfe : > > You need to build a custom realm for that if you're using tomcat to manage > your user sessions and not creating your own sessions for your application. > You can extend the existing one that you're using. I assume you're using > the

Re: Tomcat 10.1.1 error starting

Jon, > Am 20.10.2022 um 18:57 schrieb jonmcalexan...@wellsfargo.com.invalid: > > Good morning, > > I am getting the following error when trying to start a very generic setup of > Tomcat 10.1.1 on Windows Server 2019. > > Error: A JNI error has occurred, please check your installation and

Re: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have sslProtocol="TLSv1.2"

James, the most recent connector attribute is "protocols". The documentation is a bit vague on this saying there is an overlap between the two, yet I don't know if the overlap is there if protocols is unset and defaults to "all"

Re: Simple SSL question

Jon and Chris, > Am 11.08.2022 um 19:33 schrieb Christopher Schultz > : > > Jon, > >> On 8/11/22 12:53, jonmcalexan...@wellsfargo.com.INVALID wrote: >> I was just wondering if there was a vanity name for the "new" structure is >> all, to differentiate in documentation. > > *shrug* > >

Re: OT: hsts in Tomcat 9.0.73

Any more details on the request? Are you hitting an error 400? Like with ip address on a name based host? That is handled prior to the filter and so you don't see the header! Peter > Am 20.04.2023 um 22:40 schrieb jonmcalexan...@wellsfargo.com.invalid: > > Hellow again. > > I hae another

Re: OT: hsts in Tomcat 9.0.73

Jon, Peter Kreuser Liebknechtstr. 83 63303 Dreieich-Sprendlingen phone: +49 6103 9880863 fax: +49 6103 9886215 mobile: +49 172 6649346 email: pe...@kreuser.name web: www.kreuser.name key: http://www.kreuser.name/PGP_Public_Key.txt smime: http://www.kreuser.name/SMIME.cer > Am 24.04.2023 um

Re: [EXT] Datadog _ JMX Integration facing connection issues.

Sai Vamsi, > Am 13.12.2023 um 19:59 schrieb Chuck Caldarale : > >  >> On Dec 13, 2023, at 10:36, Bodavula, Sai Vamsi Mohan Krishna (TR Technology) >> wrote: >> >> as you just asked ., >> I do have a process with Catalina. >> >> root@lab1workflow4scalsvc2zus1-deployment-659dd79df7-wg59g:/#

Re: Running as user tomcat

Hi Chris, > Am 23.02.2018 um 18:36 schrieb Cheltenham, Chris > : > > Hello All, > > I am trying to run tomcat as a non root user. > > It will start as the tomcat user but it will not bind to connector 443 unless > it starts as root. > > Does anyone know

Re: Connection closed error and certificateVerification="required"

Mark, >> Am 18.04.2018 um 11:55 schrieb Mark Thomas : >> >> On 18/04/18 10:36, Richard Tearle wrote: >> On 17 April 2018 at 16:45, Richard Tearle >> wrote: >>> On 17 April 2018 at 14:54, Mark Thomas wrote: > On 17/04/18

Re: [EXTERNAL] Re: tomcat Finding!

Danyaal, > Am 18.12.2018 um 21:15 schrieb > : > > Added following to the Server.xml, still showing in the latest scan. > > showReport=false" showServerInfo="false" /> > > Thank you, > Danyaal > > -Original Message- > From: John Palmer [mailto:johnpalm...@gmail.com] > Sent:

Re: Http insecure headers

t;> i searched and found that need to add express filters in web config but >> >>>>> not >> >>>>> sure on where to add in filters. >> >>>>> >> >>>>> can you please guide me on same? >> >>>>> >> >>

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

Oh, and yes I’ve heard about them and used the RSA version! Peter > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

Hi James, > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM JSSE cipher lists for Java 8. > Most certainly only

Re: Question regarding mitigating the CVE-2017-12617 vulnerability

Michael, > Am 13.02.2019 um 22:03 schrieb Adams, Michael : > > Christopher, > Thanks for your input. It was very helpful. This afternoon, my > InfoSecurity technician who runs the Tripwire app believes Apache Tomcat vs > 8.5.13 is being flagged for the CVE-2017-12617 vulnerability solely

Re: Http insecure headers

Hi Nitin, Per se this can be done by enabling the org.apache.catalina.filters.HttpHeaderSecurityFilter in the global or your webapp‘s web.xml For CSP you should write your own Filter. Beware though that Content Security Policy is nothing that can be enabled without application knowhow, the

Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

Hi Gary, see way below inline... > Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor > : > > Luis: > > Thanks for your input. I put the following into > conf/logging.properties and add debug="99" in the Realm definition so I > can see more Realm logging