On 21/11/2018 19:43, Christopher Schultz wrote: > Mark, > > On 11/21/18 11:51, Mark Thomas wrote: >> On 21/11/2018 16:36, Mark Thomas wrote: >>> On 21/11/2018 15:37, Mark Thomas wrote: >>>> On 21/11/2018 15:29, Christopher Schultz wrote: >>>>> All, >>>>> >>>>> With this last patch, I'm ready for a back-port to tc8.5.x, >>>>> but I'm waiting for a user who is trying to get this working >>>>> on tc9.0 to be successful. >>>>> >>>>> If anyone else can confirm that this is all working in a real >>>>> cluster (dev/test is okay) then I'll go ahead and back-port, >>>>> assuming there is some kind of configuration error in that >>>>> particular user's case. >>>> >>>> I'll fire up my 4 node test cluster and let you know. It may >>>> take me a while - there are usually a bunch of OS updates >>>> waiting for me when I start it up. >>> >>> I'm seeing lots of errors. >>> >>> I think the problem is that the interceptor is using one Cipher >>> for all members but nodes don't send the same messages to every >>> member so the members get out of sync and decryption starts >>> failing. > >> Oh, and to add to the 'fun' messages may be processed out of >> order. > > That should also be okay, since messages aren't related to each other. > > But it might be a problem with trying to prevent replay attacks.
I thought you were using CBC so a missing block (a message being one or more blocks) means that the next message can't be decrypted. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
