RE: Tomcat TLS 1.2 Issue

2014-01-01 Thread Caldarale, Charles R
> From: Mudassir Aftab [mailto:withmudas...@gmail.com] 
> Subject: Tomcat TLS 1.2 Issue

> I need TLSv1.2 support for tomcat

Again, you are using the wrong mechanism to present queries about how to 
configure and use Tomcat.  You should post this on the users' mailing list, not 
the development one.  You will also need to supply basic environment 
information, such as the JVM version in use and the platform you're running on.

 - Chuck




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Tomcat TLS 1.2 Issue

2014-01-01 Thread Mudassir Aftab
I need TLSv1.2 support for Tomcat. Can anyone help me by providing a
TLS v1.2 patch? Also, where should I actually apply the patch: in JDK /
Tomcat / Tomcat Native?
Also, what will be the preferable connector settings?

I am using the following connector in Apache Tomcat/7.0.42



An error occurred during a connection to confidential.com:8443. Cannot
communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)


CRITICAL - Cannot make SSL connection
140441642727072:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:724:
HTTP CRITICAL - Error on receive
root@confidential:/opt/tomcat7#

I have tried 7.0.42, 7.0.47, 6.0.36 and 6.0.37 but nothing helped me
yet. Can you please help me with this?

tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      9757/java

Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR
version 1.4.6.
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters
[false], random [true].
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener
initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1e 11 Feb 2013)
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2588 ms
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.42
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat7/webapps/confidential.war
Jan 01, 2014 5:37:59 PM org.hibernate.annotations.common.Version 
INFO: HCANN01: Hibernate Commons Annotations {4.0.2.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.Version logVersion
INFO: HHH000412: Hibernate Core {4.2.4.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.cfg.Environment 


Re: [VOTE] Release Apache Tomcat 7.0.50

2014-01-01 Thread Olivier Lamy
I have errors when testing the maven plugin with the staged artifacts:

SEVERE: A child container failed during start
java.util.concurrent.ExecutionException: java.lang.ExceptionInInitializerError
    at java.util.concurrent.FutureTask$Sync.innerGet(FutureTask.java:222)
    at java.util.concurrent.FutureTask.get(FutureTask.java:83)
    at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1123)
    at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:801)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    at java.lang.Thread.run(Thread.java:695)
Caused by: java.lang.ExceptionInInitializerError
    at org.apache.catalina.startup.TldConfig.createTldDigester(TldConfig.java:94)
    at org.apache.catalina.startup.TldConfig.init(TldConfig.java:576)
    at org.apache.catalina.startup.TldConfig.lifecycleEvent(TldConfig.java:559)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
    at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
    at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139)
    ... 7 more
Caused by: java.lang.NullPointerException
    at org.apache.tomcat.util.descriptor.DigesterFactory.idFor(DigesterFactory.java:107)
    at org.apache.tomcat.util.descriptor.DigesterFactory.(DigesterFactory.java:59)
    ... 15 more


To reproduce get maven plugin sources then: mvn clean install
-Prun-its -Ptc-staging
-DtcStagedReleaseUrl=https://repository.apache.org/content/repositories/orgapachetomcat-004
-Dtomcat7Version=7.0.50


On 28 December 2013 01:48, Mark Thomas  wrote:
> On 20/12/2013 12:52, Violeta Georgieva wrote:
>> The proposed Apache Tomcat 7.0.50 release is now available for voting.
>>
>> It can be obtained from:
>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.50/
>> The Maven staging repo is:
>> https://repository.apache.org/content/repositories/orgapachetomcat-004/
>> The svn tag is:
>> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_50/
>>
>> The proposed 7.0.50 release is:
>> [ ] Broken - do not release
>> [X] Stable - go ahead and release as 7.0.50 Stable
>
> My tests all pass.
>
> Mark



-- 
Olivier Lamy
Ecetera: http://ecetera.com.au
http://twitter.com/olamy | http://linkedin.com/in/olamy




Re: [Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread sebb
On 1 January 2014 18:32, Jeremy Boynes  wrote:
> On Dec 31, 2013, at 12:46 PM, Mark Thomas  wrote:
>
>> On 31/12/2013 20:29, Mark Thomas wrote:
>> > On 31/12/2013 17:03, Jeremy Boynes wrote:
>> >> On Dec 31, 2013, at 3:55 AM, Mark Thomas 
>> >> wrote:
>> >
>> >>> On 31/12/2013 11:39, Apache Wiki wrote:
>>  Dear Wiki user,
>> 
>>  You have subscribed to a wiki page or wiki category on
>>  "Tomcat Wiki" for change notification.
>> 
>>  The "Cookies" page has been changed by markt:
>>  https://wiki.apache.org/tomcat/Cookies
>> 
>>  New page: #acl AdminGroup:read,write All:read ##language:en
>> 
>>  = Cookies =
>> >
>> >> I’m not able to edit that page - is the acl right?
>> >
>> > No, it isn't. It was copied from another page. I'll go through the
>> > wiki and check all of the pages.
>>
>> Try now. I just got locked out for requesting too many pages too fast
>> but I think the cookie page should be editable by anyone in the
>> contributors group now. If you aren't in that group reply with your
>> wiki ID and someone will add you.
>
> I still don’t have an “Edit” action - my wiki id is jboynes.

Not surprising, as you were not in the ContributorsGroup - see the
second para on the Front page.

Try again now.

> Thanks
> Jeremy
>




[Tomcat Wiki] Update of "ContributorsGroup" by SebastianBazley

2014-01-01 Thread Apache Wiki
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change 
notification.

The "ContributorsGroup" page has been changed by SebastianBazley:
https://wiki.apache.org/tomcat/ContributorsGroup?action=diff&rev1=14&rev2=15

Comment:
+= jboynes

   * developintelligence
   * EmericVernat
   * GlenIhrig
+  * jboynes
   * [Krzysztof Gil]
   * LucaVisconti
   * NevenCvetkovic




[Bug 55946] New: Add sample filter for serving pre-compressed files by merely adding "Content-Encoding" to response headers

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55946

            Bug ID: 55946
           Summary: Add sample filter for serving pre-compressed files by
                    merely adding "Content-Encoding" to response headers
           Product: Tomcat 8
           Version: trunk
          Hardware: PC
                OS: Mac OS X 10.4
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Examples
          Assignee: dev@tomcat.apache.org
          Reporter: ch...@christopherschultz.net

Certain pre-compressed resources need only Content-Encoding:gzip set in output
headers (e.g. .svgz files).

Ref: http://markmail.org/thread/oatgj63lrgc4kvh6

In that thread, markt proposed a Filter that could be used as a basis.

-- 
You are receiving this mail because:
You are the assignee for the bug.




Re: [Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Jeremy Boynes
On Dec 31, 2013, at 12:46 PM, Mark Thomas  wrote:

> On 31/12/2013 20:29, Mark Thomas wrote:
> > On 31/12/2013 17:03, Jeremy Boynes wrote:
> >> On Dec 31, 2013, at 3:55 AM, Mark Thomas 
> >> wrote:
> >
> >>> On 31/12/2013 11:39, Apache Wiki wrote:
>  Dear Wiki user,
> 
>  You have subscribed to a wiki page or wiki category on
>  "Tomcat Wiki" for change notification.
> 
>  The "Cookies" page has been changed by markt:
>  https://wiki.apache.org/tomcat/Cookies
> 
>  New page: #acl AdminGroup:read,write All:read ##language:en
> 
>  = Cookies =
> >
> >> I’m not able to edit that page - is the acl right?
> >
> > No, it isn't. It was copied from another page. I'll go through the
> > wiki and check all of the pages.
> 
> Try now. I just got locked out for requesting too many pages too fast
> but I think the cookie page should be editable by anyone in the
> contributors group now. If you aren't in that group reply with your
> wiki ID and someone will add you.

I still don’t have an “Edit” action - my wiki id is jboynes.
Thanks
Jeremy





[Bug 55945] New: Support pre-compressed (gzip) resources with arbitrary file name extensions

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55945

            Bug ID: 55945
           Summary: Support pre-compressed (gzip) resources with arbitrary
                    file name extensions
           Product: Tomcat 8
           Version: trunk
          Hardware: PC
                OS: Mac OS X 10.4
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: ch...@christopherschultz.net

Bug 54095 adds support for pre-compressed files, but the pre-compressed file
needs to be the name of the originally-requested resource + ".gz". This isn't
convenient for other file name patterns -- for example "*.svg" -> "*.svgz".
Being able to specify a list of pattern mutations would be nice.




[Bug 55945] Support pre-compressed (gzip) resources with arbitrary file name extensions

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55945

Christopher Schultz  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Hardware|PC                          |All
                 OS|Mac OS X 10.4               |All




Re: 8-bit text in cookie values

2014-01-01 Thread Jeremy Boynes
On Jan 1, 2014, at 8:59 AM, Mark Thomas  wrote:

> On 26/12/2013 19:23, Jeremy Boynes wrote:
> > On Dec 26, 2013, at 2:47 AM, Mark Thomas  wrote:
> >
> > Focusing on the 8-bit issue address by the patch, leaving the other
> > RFC6265 thread for broader discussion ...
> >
> >>> The change only allows these characters in values if version ==
> >>> 0 where Netscape’s rather than RFC2109’s syntax applies (per
> >>> the Servlet spec). The Netscape spec is vague in that it does
> >>> not define “OPAQUE_STRING" at all and defines “VALUE” as
> >>> containing equally undefined “characters” although
> >>> historically[1] those have been taken to be OCTETs as permitted
> >>> by RFC2616’s “*TEXT” variant of “field-content.” The change
> >>> will continue to reject these characters in names and in
> >>> unquoted values when version != 0 (RFC2109’s “word" rule)
> >>>
> >>> [1] based on comments by Fielding et al. on http-state and
> >>> what I’ve seen in the wild
> >>
> >> Can you provide references for [1]?
> >
> > This is the mail in the run up to RFC6265 that triggered the
> > discussion:
> > http://www.ietf.org/mail-archive/web/http-state/current/msg01232.html
> 
> Thanks for that reference. What a complete mess. RFC6265 really
> dropped the ball on this. The grammar for cookie-value is a disaster.
> So far the issues include:
> - no support for 0x80 to 0xFF
> - no support for \" sequences
> - no support for using whitespace, comma, semi-colon, backslash
> 
> I was beginning to think that factoring out the cookie generation /
> parsing and then providing different implementations (one for Netscape
> + RFC2109 - roughly what we have now with a few fixes, one for RFC6265
> and maybe one very relaxed) would be the way to go. Having looked at
> the first issue that plan already looks like it needs a re-think.
> 
> I'm still hoping that by documenting all the various issues in one
> place we will be able to come up with a solution that both addresses
> all the issues you have raised and is better than the handful of
> system properties we have currently.

I think they did a reasonable job given the mess cookies are in the wild today. 
They summarize this in the preamble:
> The recommendations for cookie generation provided in Section 4 represent a 
> preferred subset of current server behavior, and even the more liberal cookie 
> processing algorithm provided in Section 5 does not recommend all of the 
> syntactic and semantic variations in use today.

Section 4 recommends guidelines for servers generating cookies. I interpret 
that as being “if you follow these guidelines, you have a good chance of 
actually getting back the value you tried to set.” The rules above (no 8-bit, 
no escaping, no Netscape delimiters) reflect that principle. A server 
application can step outside those guidelines but "thar ther be dragons."

—
Jeremy





[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki

The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=12&rev2=13

Comment:
Delete one question as this is V0 cookies where there is no quoting and answer 
other question

  ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed.||TBD||Netscape - quotes are part of value.||Quotes 
are not part of value.||
  ||Raw JSON in cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 
55921]])||TBD||TBD||TBD||TBD||
  ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.||
- ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in 
names. Yes in values except semi-colon, comma and whitespace, double-quote and 
backslash. (semi-colon, etc. allowed in quoted values?)||
+ ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in 
names. Yes in values except semi-colon, comma and whitespace, double-quote and 
backslash.||
  ||Always add expires||Enabled by default. Disabled by 
property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, 
none or both.||
  ||/ is separator||Enabled by default. Disabled by property.||TBD||Netscape 
allowed in names and values. RFC2109 allowed in values if quoted.||Allowed in 
values.||
- ||Strict naming (definition?)||Enabled by default. Disabled by 
property.||TBD||Netscape allows names the Servlet spec does not. RFC2109 is 
consistent with the Servlet spec.||Consistent with the Servlet spec.||
+ ||Strict naming (as per Servlet spec)||Enabled by default. Disabled by 
property.||TBD||Netscape allows names the Servlet spec does not. RFC2109 is 
consistent with the Servlet spec.||Consistent with the Servlet spec.||
  ||Allow name only||Disabled by default. Enabled by property.||TBD||Netscape 
allowed and equals sign expected before empty value. RFC2109 not 
allowed.||Allowed but equals sign required before empty value.||
  
  Issues to add to the table above
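
Review bot: In the "Allow separators in V0 names and values" row, the question "(semi-colon, etc. allowed in quoted values?)" is deleted from the last cell, but the reason given in the change comment (V0 cookies have no quoting) is not recorded in the table itself. Suggest stating that in the cell so the question is not raised again. Separately, the unchanged "Always add expires" row still reads "Netsacpe" for "Netscape".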




[Tomcat Wiki] Update of "Cookies" by ChristopherSchultz

2014-01-01 Thread Apache Wiki

The "Cookies" page has been changed by ChristopherSchultz:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=11&rev2=12

Comment:
Added clarification questions

  ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed.||TBD||Netscape - quotes are part of value.||Quotes 
are not part of value.||
  ||Raw JSON in cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 
55921]])||TBD||TBD||TBD||TBD||
  ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.||
- ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in 
names. Yes in values except semi-colon, comma and whitespace, double-quote and 
backslash.||
+ ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in 
names. Yes in values except semi-colon, comma and whitespace, double-quote and 
backslash. (semi-colon, etc. allowed in quoted values?)||
  ||Always add expires||Enabled by default. Disabled by 
property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, 
none or both.||
  ||/ is separator||Enabled by default. Disabled by property.||TBD||Netscape 
allowed in names and values. RFC2109 allowed in values if quoted.||Allowed in 
values.||
- ||Strict naming||Enabled by default. Disabled by property.||TBD||Netscape 
allows names the Servlet spec does not. RFC2109 is consistent with the Servlet 
spec.||Consistent with the Servlet spec.||
+ ||Strict naming (definition?)||Enabled by default. Disabled by 
property.||TBD||Netscape allows names the Servlet spec does not. RFC2109 is 
consistent with the Servlet spec.||Consistent with the Servlet spec.||
  ||Allow name only||Disabled by default. Enabled by property.||TBD||Netscape 
allowed and equals sign expected before empty value. RFC2109 not 
allowed.||Allowed but equals sign required before empty value.||
  
  Issues to add to the table above
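
Review bot: Both additions put open questions inside table cells, "(semi-colon, etc. allowed in quoted values?)" in the last cell of the separators row and "(definition?)" in the "Strict naming" label, where they read as part of the documented behaviour. Suggest moving them under "Issues to add to the table above" and keeping the cells to statements or TBD.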




[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

--- Comment #8 from Mudassir Aftab  ---
(In reply to Mudassir Aftab from comment #6)
> I am using following connector in Apache Tomcat/7.0.42
> 
> protocol="HTTP/1.1"
>maxThreads="200"
>scheme="https" secure="true" SSLEnabled="true"
>SSLCertificateFile="/home/mudassir/p/p.pem"
>SSLCertificateKeyFile="/home/mudassir/p/p-key.pem"
>sslEnabledProtocols="TLSv1.2"
>SSLCACertificateFile="/home/mudassir/p/AdminCA1.pem" />
> 
> An error occurred during a connection to confidential.com:8443. Cannot
> communicate securely with peer: no common encryption algorithm(s). (Error
> code: ssl_error_no_cypher_overlap)
> 
> 
> CRITICAL - Cannot make SSL connection
> 140441642727072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
> alert handshake failure:s23_clnt.c:724:
> HTTP CRITICAL - Error on receive
> root@confidential:/opt/tomcat7#
> 
> I have tried 7.0.42 . 7.0.47 ,6.0.36 and 6.0.37 but nothing helped me yet.
> Can you please help me on this ?

tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      9757/java

Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.27 using APR version
1.4.6.
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
Jan 01, 2014 5:37:54 PM org.apache.catalina.core.AprLifecycleListener
initializeSSL
INFO: OpenSSL successfully initialized (OpenSSL 1.0.1e 11 Feb 2013)
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-apr-8443"]
Jan 01, 2014 5:37:55 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-apr-8009"]
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2588 ms
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Jan 01, 2014 5:37:55 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.42
Jan 01, 2014 5:37:55 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /opt/tomcat7/webapps/confidential.war
Jan 01, 2014 5:37:59 PM org.hibernate.annotations.common.Version 
INFO: HCANN01: Hibernate Commons Annotations {4.0.2.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.Version logVersion
INFO: HHH000412: Hibernate Core {4.2.4.Final}
Jan 01, 2014 5:37:59 PM org.hibernate.cfg.Environment 




[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

--- Comment #7 from Mark Thomas  ---
You have already been directed to the users list for further assistance. If you
continue to ignore this advice then your Bugzilla account will be disabled.




Re: Support RFC6265 cookie processing

2014-01-01 Thread Jeremy Boynes
I have experimented with how different desktop browsers handle cookie values, 
specifically with:
* Aurora-28.0a2
* Chrome-31
* Firefox-26
* Internet Explorer-11
* Safari-7.0.1
on OS X 10.9 except for IE which was on Windows 7. This mail is a dump of 
things I found out and I will summarize conclusions on the wiki.

I first tried setting cookie values Netscape/RFC6265-style without any version 
attribute:
< Set-Cookie: 
cookieOctet=X!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~X
< Set-Cookie: 
quoted="!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~"
< Set-Cookie: mismatchedQuote="abc
< Set-Cookie: semi=a;c
< Set-Cookie: space= a b c
< Set-Cookie: comma=a,c
< Set-Cookie: backslash=a\c
< Set-Cookie: dquote=a"c

The cookieOctet value matches the production from RFC6265 and contains all 
CHARs except DQUOTE, comma, semicolon and backslash. The quoted cookie is the 
same but wrapped in DQUOTEs. All browsers accepted and returned those values as 
is. In particular, they did not remove the DQUOTEs from quoted, showing them 
stored client-side as part of the value.

The other values contain questionable values. These were all stored as-is with 
a couple of exceptions:
* leading and trailing whitespace was removed
* semi was truncated to “a” as would be expected if the “;” was being treated 
as a delimiter
* mismatched quote was stored by Safari as "abc, semi=a;c, space= a b c, 
comma=a,c, backslash=a\c, dquote=a"c

The Cookie request header generated by Chrome after the response above is:
> Cookie:cookieOctet=X!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~X;
>  
> quoted="!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~";
>  mismatchedQuote="abc; semi=a; space=a b c; comma=a,c; backslash=a\c; 
> dquote=a"c
which is the same value as returned from document.cookie in JavaScript:
> cookieOctet=X!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~X;
>  
> quoted="!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~";
>  mismatchedQuote="abc; semi=a; space=a b c; comma=a,c; backslash=a\c; 
> dquote=a"c


When I attempt to set RFC2109 V1 cookies, Chrome’s behaviour is unchanged:
< Set-Cookie: 
cookieOctet=X!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~X
 ; Version=1
< Set-Cookie: 
quoted="!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~"
 ; Version=1
< Set-Cookie: mismatchedQuote="abc ; Version=1
< Set-Cookie: semi=a;c ; Version=1
< Set-Cookie: space= a b c ; Version=1
< Set-Cookie: comma=a,c ; Version=1
< Set-Cookie: backslash=a\c ; Version=1
< Set-Cookie: dquote=a"c ; Version=1
< Set-Cookie: escaped="a\"c" ; Version=1
results in 
> Cookie:cookieOctet=X!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~X;
>  
> quoted="!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~";
>  mismatchedQuote="abc; semi=a; space=a b c; comma=a,c; backslash=a\c; 
> dquote=a"c; escaped="a\"c"

The other browsers show the same with the exception of Safari’s handling of 
mismatchedQuote:
> Cookie: 
> cookieOctet=X!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~X;
>  escaped="a\"c"; mismatchedQuote="abc ; Version=1, semi=a;c ; Version=1, 
> space= a b c ; Version=1, comma=a,c ; Version=1, backslash=a\c ; Version=1, 
> dquote=a"c; 
> quoted="!#$%&'()*+-./0123456789:<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_`abcdefghijklmnopqrstuvwxyz{|}~"
The best I’ve been able to come up with for Safari is that if the value starts 
with a DQUOTE then it parses until it finds a matching DQUOTE, folding headers 
as it goes, including the commas from header folding, and stopping only when it 
hits a semi outside the quotes. The mismatched quotes in “mismatchQuote” and 
“dquote” end up getting paired and the resulting "abc ; Version=1, semi=a;c ; 
Version=1, space= a b c ; Version=1, comma=a,c ; Version=1, backslash=a\c ; 
Version=1, dquote=a”c value (note the trailing “c”) gets assigned to the 
“mismatchedQuote” cookie. None of the browsers treat the values as being 
invalid and ignore the cookie. 

A response containing
< Set-Cookie: foo="a;b" ; Version=1
which should contain the cookie value “a;b” actually results in:
> Cookie: foo="a

except on Safari:
> Cookie: foo="a;b"
due to its quote handling above.

I have not been able to induce any of the browsers to generate a $Version 
attribute to indicate the Cookie header is a RFC2109 V1 header. They are also 
all happy to store a cookie with the name “$Version” which allows such a header 
to be faked:
< Set-Cookie: $Version=1
< Set-Cookie: foo=bar
results in:
> Cookie: $Version=1; foo=bar

All browsers are happy to create cookies with bad names. Given the response:
< Se
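
The name/value handling reported above for Chrome, Firefox and Internet Explorer, as an added JavaScript example that is not part of the original message or of Tomcat's code: a simplified model of the RFC 6265 section 5.2 split-and-trim step beside the section 4.1.1 cookie-value grammar, so a server can tell which values come back unchanged. The function names are hypothetical, the sample values are the ones tried in the message, and Safari's quote handling is not modelled.

```javascript
// Added example (hypothetical names): which cookie values survive the
// Set-Cookie -> Cookie round trip described in the message above?

// cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E  (RFC 6265, 4.1.1)
function isCookieOctet(code) {
  return code === 0x21 ||
    (code >= 0x23 && code <= 0x2b) ||
    (code >= 0x2d && code <= 0x3a) ||
    (code >= 0x3c && code <= 0x5b) ||
    (code >= 0x5d && code <= 0x7e);
}

// cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
function isRfc6265Value(value) {
  let inner = value;
  if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
    inner = value.slice(1, -1); // a matched pair of DQUOTEs may wrap the octets
  }
  for (let i = 0; i < inner.length; i++) {
    if (!isCookieOctet(inner.charCodeAt(i))) return false;
  }
  return true;
}

const OUTER_WSP = /^[ \t]+|[ \t]+$/g;

// Simplified user-agent model (RFC 6265, 5.2): the name-value pair ends at the
// first ";", is split at the first "=", and both halves are trimmed. DQUOTEs
// and backslashes are kept as ordinary characters; nothing is unescaped.
function browserStore(setCookieValue) {
  const semi = setCookieValue.indexOf(';');
  const pair = semi === -1 ? setCookieValue : setCookieValue.slice(0, semi);
  const eq = pair.indexOf('=');
  if (eq === -1) return null; // no "=": the whole header is ignored
  const name = pair.slice(0, eq).replace(OUTER_WSP, '');
  const value = pair.slice(eq + 1).replace(OUTER_WSP, '');
  if (name === '') return null;
  return { name, value };
}

// Cookie request header the modelled user agent would send back.
function cookieHeader(setCookieValues) {
  return setCookieValues
    .map((line) => browserStore(line))
    .filter((c) => c !== null)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Compare what the server sent with what it will get back.
function audit(name, value) {
  const stored = browserStore(`${name}=${value}`);
  return {
    name,
    sent: value,
    stored: stored ? stored.value : null,
    survives: stored !== null && stored.name === name && stored.value === value,
    rfc6265: isRfc6265Value(value),
  };
}

// Constructed samples: the questionable values from the message above.
const SAMPLES = [
  ['semi', 'a;c'],
  ['space', ' a b c'],
  ['comma', 'a,c'],
  ['backslash', 'a\\c'],
  ['dquote', 'a"c'],
  ['mismatchedQuote', '"abc'],
  ['foo', '"a;b"'],
  ['quoted', '"abc"'],
];

function auditAll() {
  return SAMPLES.map(([name, value]) => audit(name, value));
}

for (const r of auditAll()) {
  console.log(`${r.name}: sent=[${r.sent}] stored=[${r.stored}] ` +
    `survives=${r.survives} rfc6265=${r.rfc6265}`);
}

// A cookie literally named "$Version" is stored like any other, so the
// request header looks like an RFC 2109 V1 header to a server-side parser.
console.log(cookieHeader(['$Version=1', 'foo=bar']));
```

Values such as `a,c` and `a\c` come back unchanged in this model even though they fall outside the section 4.1.1 grammar, while `"a;b"` is both rejected by the grammar and truncated in transit.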

[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

--- Comment #6 from Mudassir Aftab  ---
I am using the following connector in Apache Tomcat/7.0.42



An error occurred during a connection to confidential.com:8443. Cannot
communicate securely with peer: no common encryption algorithm(s). (Error code:
ssl_error_no_cypher_overlap)


CRITICAL - Cannot make SSL connection
140441642727072:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:724:
HTTP CRITICAL - Error on receive
root@confidential:/opt/tomcat7#

I have tried 7.0.42, 7.0.47, 6.0.36 and 6.0.37 but nothing helped me yet. Can
you please help me with this?




[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

Chuck Caldarale  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|WONTFIX                     |INVALID

--- Comment #5 from Chuck Caldarale  ---
(In reply to Mudassir Aftab from comment #4)
> before closing this, can you please confirm that any version of TOMCAT from
> 6/7 support TLS 1.2 

Of course it does.




[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

Mudassir Aftab  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |WONTFIX

--- Comment #4 from Mudassir Aftab  ---
before closing this, can you please confirm that any version of TOMCAT from 6/7
support TLS 1.2 

Mudassir




[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki

The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=10&rev2=11

Comment:
Notes on strict naming

  ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in 
names. Yes in values except semi-colon, comma and whitespace, double-quote and 
backslash.||
  ||Always add expires||Enabled by default. Disabled by 
property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, 
none or both.||
  ||/ is separator||Enabled by default. Disabled by property.||TBD||Netscape 
allowed in names and values. RFC2109 allowed in values if quoted.||Allowed in 
values.||
- ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD||
+ ||Strict naming||Enabled by default. Disabled by property.||TBD||Netscape 
allows names the Servlet spec does not. RFC2109 is consistent with the Servlet 
spec.||Consistent with the Servlet spec.||
  ||Allow name only||Disabled by default. Enabled by property.||TBD||Netscape 
allowed and equals sign expected before empty value. RFC2109 not 
allowed.||Allowed but equals sign required before empty value.||
  
  Issues to add to the table above
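Review bot: In the "Strict naming" row, the new "Servlet + Netscape + RFC2109" cell says Netscape allows names the Servlet spec does not, but never says which names or characters those are; listing them, as the "Allow separators in V0 names and values" row does for semi-colon, comma and whitespace, would make the row usable on its own. "Proposed new behaviour" is still TBD for this row even though both spec columns are now filled in.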




[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki
The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=9&rev2=10

Comment:
Add name only cookie notes.

  ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.||
  ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in 
names. Yes in values except semi-colon, comma and whitespace, double-quote and 
backslash.||
  ||Always add expires||Enabled by default. Disabled by 
property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, 
none or both.||
- ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD||
+ ||/ is separator||Enabled by default. Disabled by property.||TBD||Netscape 
allowed in names and values. RFC2109 allowed in values if quoted.||Allowed in 
values.||
  ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD||
- ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD||
+ ||Allow name only||Disabled by default. Enabled by property.||TBD||Netscape 
allowed and equals sign expected before empty value. RFC2109 not 
allowed.||Allowed but equals sign required before empty value.||
  
  Issues to add to the table above
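Review bot: The new "Allow name only" cell, "Netscape allowed and equals sign expected before empty value", leaves it unclear whether a bare name with no equals sign is accepted under Netscape; splitting it into two statements (name-only accepted or not, equals sign required or not) would match the way the RFC 6265 cell is worded. The unchanged "Always add expires" row in the context lines still spells Netscape as "Netsacpe" and could be corrected in the same edit.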
  




[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

--- Comment #3 from Chuck Caldarale ---
(In reply to Mudassir Aftab from comment #2)

> TLS1.2 is working in Tomcat apache-tomcat-6.0.36 but it is
> not working for me

Which clearly indicates you're doing something wrong and should post your query
on the support mailing list.




[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki
The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=8&rev2=9

Comment:
Add some notes on separators and expires/max-age

  == Parsing the Cookie header by Tomcat ==
  
  ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new 
behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''||
- ||0x80 to 0xFF in cookie value 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never 
allowed||
+ ||0x80 to 0xFF in cookie value 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never 
allowed.||
  ||CTL allowed in quoted cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 
55918]])||Allowed||TBD||Not allowed.||Not allowed.||
- ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed||TBD||Netscape - quotes are part of value||Quotes are 
not part of value||
+ ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed.||TBD||Netscape - quotes are part of value.||Quotes 
are not part of value.||
  ||Raw JSON in cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 
55921]])||TBD||TBD||TBD||TBD||
  ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.||
- ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||TBD||TBD||
- ||Always add expires||Enabled by default. Disabled by 
property.||TBD||TBD||TBD||
+ ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||Yes except semi-colon, comma and whitespace.||Never in 
names. Yes in values except semi-colon, comma and whitespace, double-quote and 
backslash.||
+ ||Always add expires||Enabled by default. Disabled by 
property.||TBD||Netsacpe uses expires. RFC2109 uses Max-Age.||Allows either, 
none or both.||
  ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD||
  ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD||
  ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD||
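Review bot: The added "Always add expires" row misspells Netscape as "Netsacpe". In the added "Allow separators in V0 names and values" row, the cell "Yes except semi-colon, comma and whitespace." does not say which spec it describes, whereas the "0x80 to 0xFF in cookie value" and "Allow equals in value" rows name Netscape and RFC2109 separately in that column; naming the spec here would keep the column consistent.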




Re: 8-bit text in cookie values

2014-01-01 Thread Mark Thomas
On 26/12/2013 19:23, Jeremy Boynes wrote:
> On Dec 26, 2013, at 2:47 AM, Mark Thomas wrote:
> 
> Focusing on the 8-bit issue addressed by the patch, leaving the other
> RFC6265 thread for broader discussion ...
> 
>>> The change only allows these characters in values if version ==
>>> 0 where Netscape’s rather than RFC2109’s syntax applies (per
>>> the Servlet spec). The Netscape spec is vague in that it does
>>> not define “OPAQUE_STRING” at all and defines “VALUE” as
>>> containing equally undefined “characters” although
>>> historically[1] those have been taken to be OCTETs as permitted
>>> by RFC2616’s “*TEXT” variant of “field-content.” The change
>>> will continue to reject these characters in names and in
>>> unquoted values when version != 0 (RFC2109’s “word” rule)
>>> 
>>> [1] based on comments by Fielding et al. on http-state and
>>> what I’ve seen in the wild
>> 
>> Can you provide references for [1]?
> 
> This is the mail in the run up to RFC6265 that triggered the
> discussion: 
> http://www.ietf.org/mail-archive/web/http-state/current/msg01232.html

Thanks for that reference. What a complete mess. RFC6265 really
dropped the ball on this. The grammar for cookie-value is a disaster.
So far the issues include:
- no support for 0x80 to 0xFF
- no support for \" sequences
- no support for using whitespace, comma, semi-colon, backslash

I was beginning to think that factoring out the cookie generation /
parsing and then providing different implementations (one for Netscape
+ RFC2109 - roughly what we have now with a few fixes, one for RFC6265
and maybe one very relaxed) would be the way to go. Having looked at
the first issue that plan already looks like it needs a re-think.

I'm still hoping that by documenting all the various issues in one
place we will be able to come up with a solution that both addresses
all the issues you have raised and is better than the handful of
system properties we have currently.

Mark
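The three gaps listed in the message above (0x80 to 0xFF, `\"` sequences, and whitespace, comma, semi-colon and backslash) can be seen by running values through the RFC 6265 cookie-value grammar directly. This is an added example, not part of the original message and not Tomcat's cookie parser; the class name and the sample values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;

/** Added example: tests raw cookie values against the RFC 6265 cookie-value grammar. */
public class Rfc6265CookieValueCheck {

    /** cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E (RFC 6265, section 4.1.1). */
    static boolean isCookieOctet(int b) {
        return b == 0x21
                || (b >= 0x23 && b <= 0x2B)
                || (b >= 0x2D && b <= 0x3A)
                || (b >= 0x3C && b <= 0x5B)
                || (b >= 0x5D && b <= 0x7E);
    }

    /** Names the kind of octet that the grammar excludes. */
    static String describe(int b) {
        if (b >= 0x80) return "octet in 0x80-0xFF";
        if (b < 0x20 || b == 0x7F) return "control character";
        switch (b) {
            case ' ':  return "whitespace";
            case '"':  return "double quote inside the value";
            case ',':  return "comma";
            case ';':  return "semi-colon";
            case '\\': return "backslash";
            default:   return "excluded octet";
        }
    }

    /** Returns null if the bytes form a valid cookie-value, otherwise the reason for rejection. */
    static String check(byte[] raw) {
        int start = 0;
        int end = raw.length;
        // cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
        if (end >= 2 && raw[0] == '"' && raw[end - 1] == '"') {
            start = 1;
            end--;
        }
        for (int i = start; i < end; i++) {
            int b = raw[i] & 0xFF;
            if (!isCookieOctet(b)) {
                return String.format("%s (0x%02X) at offset %d", describe(b), b, i);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample values; each char maps to one octet under ISO-8859-1.
        String[] samples = {
            "abc123",          // plain token
            "\"quoted\"",      // whole value wrapped in DQUOTEs
            "caf\u00e9",       // contains 0xE9, an octet above 0x7F
            "\"a\\\"b\"",      // backslash-escaped quote inside a quoted value
            "a b",             // whitespace
            "x,y;z",           // separators
            "{\"k\":1}"        // raw JSON
        };
        for (String s : samples) {
            String reason = check(s.getBytes(StandardCharsets.ISO_8859_1));
            System.out.println(s + " -> " + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```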



[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

--- Comment #2 from Mudassir Aftab ---
Hi Mark,

This is not the support request, this is the a in tomcat, according to official
forums, TLS1.2 is working in Tomcat apache-tomcat-6.0.36 but it is not working
for me, I have applied many patches posted in this bugzilla but nothing
worked for me




[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki
The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=7&rev2=8

Comment:
Reviewed specs for BZ55920 and use of '='

  ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new 
behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''||
  ||0x80 to 0xFF in cookie value 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never 
allowed||
  ||CTL allowed in quoted cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 
55918]])||Allowed||TBD||Not allowed.||Not allowed.||
- ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed||TBD||TBD||TBD||
+ ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed||TBD||Netscape - quotes are part of value||Quotes are 
not part of value||
  ||Raw JSON in cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 
55921]])||TBD||TBD||TBD||TBD||
- ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||TBD||
+ ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||Allowed.||
  ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||TBD||TBD||
  ||Always add expires||Enabled by default. Disabled by 
property.||TBD||TBD||TBD||
  ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD||
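Review bot: With the "Quoted values in V0 cookies" cells filled in, the row now shows current behaviour ("Quotes removed") disagreeing with the Netscape reading ("quotes are part of value") and agreeing with RFC 6265, yet "Proposed new behaviour" is still TBD; a short note in that cell on which reading is intended would record why Bug 55920 stays open. The new cells in this row also lack the trailing full stop used in the "Allow equals in value" row ("Allowed.").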




[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

Mark Thomas changed:

      What | Removed | Added
    Status | NEW     | RESOLVED
Resolution | ---     | INVALID

--- Comment #1 from Mark Thomas ---
Bugzilla is not a support forum. Please use the Tomcat users mailing list.




[Bug 55944] TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

Mudassir Aftab changed:

    What | Removed | Added
Priority | P2      | P1
      CC |         | withmudas...@gmail.com
      OS |         | Linux
Severity | normal  | blocker




[Bug 55944] New: TLS v1.2 not working in Tomcat 6 and 7

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55944

            Bug ID: 55944
           Summary: TLS v1.2 not working in Tomcat 6 and 7
           Product: Tomcat 7
           Version: 7.0.47
          Hardware: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
          Assignee: dev@tomcat.apache.org
          Reporter: withmudas...@gmail.com

Hi Guys,

I need TLSv1.2 support for tomcat, can anyone help me by providing TLS v1.2
patch, also where should I actually apply the patch, in JDK / Tomcat / Tomcat
Native ??

Also what will be the preferable connector settings ?

Regards,
Mudassir Aftab




[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki
The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=6&rev2=7

Comment:
Reviewed specs for BZ55918

  
  ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new 
behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''||
  ||0x80 to 0xFF in cookie value 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never 
allowed||
- ||CTL allowed in quoted cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 
55918]])||Allowed||TBD||TBD||TBD||
+ ||CTL allowed in quoted cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 
55918]])||Allowed||TBD||Not allowed.||Not allowed.||
  ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed||TBD||TBD||TBD||
  ||Raw JSON in cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 
55921]])||TBD||TBD||TBD||TBD||
  ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||TBD||
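Review bot: The "CTL allowed in quoted cookie values" row now has "Not allowed." in both spec columns while "Current behaviour" is "Allowed" and "Proposed new behaviour" stays TBD; since both specs agree, the proposed cell could be filled in with this edit, or the reason for leaving it open stated. The new cells also give no section reference for the specs reviewed, which would help anyone re-checking Bug 55918.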




[Bug 53952] Add support for TLS 1.1 and 1.2

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=53952

--- Comment #28 from Mudassir Aftab ---
Comment on attachment 29433
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29433
patch for tomcat trunk that adds support for newer TLS versions

Hi,

This patch is not working for me

/opt/apache-tomcat-7.0.47-src# patch -R < patch
can't find file to patch at input line 5
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: webapps/docs/config/http.xml
|===
|--- webapps/docs/config/http.xml   (revision 1392879)
|+++ webapps/docs/config/http.xml   (working copy)
--
File to patch: webapps/docs/config/http.xml
patching file webapps/docs/config/http.xml
Hunk #1 succeeded at 1212 (offset 22 lines).
can't find file to patch at input line 23
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: webapps/docs/ssl-howto.xml
|===
|--- webapps/docs/ssl-howto.xml (revision 1392879)
|+++ webapps/docs/ssl-howto.xml (working copy)
--
File to patch: webapps/docs/ssl-howto.xml
patching file webapps/docs/ssl-howto.xml
Unreversed patch detected!  Ignore -R? [n] y
Hunk #1 succeeded at 368 (offset -1 lines).
can't find file to patch at input line 36
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: java/org/apache/tomcat/jni/SSLContext.java
|===
|--- java/org/apache/tomcat/jni/SSLContext.java (revision 1392879)
|+++ java/org/apache/tomcat/jni/SSLContext.java (working copy)
--
File to patch: java/org/apache/tomcat/jni/SSLContext.java
patching file java/org/apache/tomcat/jni/SSLContext.java
Unreversed patch detected!  Ignore -R? [n] -R
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file
java/org/apache/tomcat/jni/SSLContext.java.rej
can't find file to patch at input line 56
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: java/org/apache/tomcat/jni/SSL.java
|===
|--- java/org/apache/tomcat/jni/SSL.java(revision 1392879)
|+++ java/org/apache/tomcat/jni/SSL.java(working copy)
--




[Bug 53952] Add support for TLS 1.1 and 1.2

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=53952

Mudassir Aftab changed:

What | Removed | Added
  CC |         | withmudas...@gmail.com

--- Comment #27 from Mudassir Aftab ---
Comment on attachment 29433
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=29433
patch for tomcat trunk that adds support for newer TLS versions

Hi,

This patch is not working for me

/opt/apache-tomcat-7.0.47-src# patch -R < patch
can't find file to patch at input line 5
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: webapps/docs/config/http.xml
|===
|--- webapps/docs/config/http.xml   (revision 1392879)
|+++ webapps/docs/config/http.xml   (working copy)
--
File to patch: webapps/docs/config/http.xml
patching file webapps/docs/config/http.xml
Hunk #1 succeeded at 1212 (offset 22 lines).
can't find file to patch at input line 23
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: webapps/docs/ssl-howto.xml
|===
|--- webapps/docs/ssl-howto.xml (revision 1392879)
|+++ webapps/docs/ssl-howto.xml (working copy)
--
File to patch: webapps/docs/ssl-howto.xml
patching file webapps/docs/ssl-howto.xml
Unreversed patch detected!  Ignore -R? [n] y
Hunk #1 succeeded at 368 (offset -1 lines).
can't find file to patch at input line 36
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: java/org/apache/tomcat/jni/SSLContext.java
|===
|--- java/org/apache/tomcat/jni/SSLContext.java (revision 1392879)
|+++ java/org/apache/tomcat/jni/SSLContext.java (working copy)
--
File to patch: java/org/apache/tomcat/jni/SSLContext.java
patching file java/org/apache/tomcat/jni/SSLContext.java
Unreversed patch detected!  Ignore -R? [n] -R
Apply anyway? [n]
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file
java/org/apache/tomcat/jni/SSLContext.java.rej
can't find file to patch at input line 56
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--
|Index: java/org/apache/tomcat/jni/SSL.java
|===
|--- java/org/apache/tomcat/jni/SSL.java(revision 1392879)
|+++ java/org/apache/tomcat/jni/SSL.java(working copy)
--




[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki
The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=5&rev2=6

Comment:
Add more detail on 0x80 to 0xFF

  
  == Parsing the Cookie header by Tomcat ==
  
- ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new 
behaviour'''||'''Strict Servlet (Netscape + RFC2109)'''||'''RFC 6265'''||
+ ||'''Issue'''||'''Current behaviour (8.0.0-RC10/7.0.50)'''||'''Proposed new 
behaviour'''||'''Servlet + Netscape + RFC2109'''||'''Servlet + RFC 6265'''||
- ||0x80 to 0xFF in cookie value 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 
55917]])||IAE||TBD||TBD||TBD||
+ ||0x80 to 0xFF in cookie value 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55917|Bug 
55917]])||IAE||TBD||Netscape yes. RFC2109 requires quotes.||RFC 6265 never 
allowed||
  ||CTL allowed in quoted cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 
55918]])||Allowed||TBD||TBD||TBD||
  ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed||TBD||TBD||TBD||
  ||Raw JSON in cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 
55921]])||TBD||TBD||TBD||TBD||
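Review bot: The renamed column headers ("Servlet + Netscape + RFC2109" and "Servlet + RFC 6265") are not explained anywhere in the visible text; a sentence above the table saying how the Servlet spec combines with each cookie spec would make the cells unambiguous. In the "0x80 to 0xFF in cookie value" row, "RFC 6265 never allowed" has no full stop, unlike the cell before it.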
@@ -26, +26 @@

  
  TODO: Need to define behaviour for each of the issues above.
  
+ == References ==
+ 
+  1. 
[[http://www.ietf.org/mail-archive/web/http-state/current/msg01232.html|RFC6265 
discussion on 0x80-0xFF]]
+ 
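Review bot: The new References entry for the http-state discussion on 0x80-0xFF is not linked from anywhere in the table; citing reference 1 from the "0x80 to 0xFF in cookie value" row would tie that row's Netscape, RFC2109 and RFC 6265 claims to their source.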




[Tomcat Wiki] Update of "Cookies" by markt

2014-01-01 Thread Apache Wiki
The "Cookies" page has been changed by markt:
https://wiki.apache.org/tomcat/Cookies?action=diff&rev1=4&rev2=5

  ||CTL allowed in quoted cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55918|Bug 
55918]])||Allowed||TBD||TBD||TBD||
  ||Quoted values in V0 cookies 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55920|Bug 
55920]])||Quotes removed||TBD||TBD||TBD||
  ||Raw JSON in cookie values 
([[https://issues.apache.org/bugzilla/show_bug.cgi?id=55921|Bug 
55921]])||TBD||TBD||TBD||TBD||
+ ||Allow equals in value||Not by default. Allowed if property 
set.||TBD||Netscape is ambiguous. RFC2109 requires quoting.||TBD||
+ ||Allow separators in V0 names and values||Not by default. Allowed if 
property set.||TBD||TBD||TBD||
+ ||Always add expires||Enabled by default. Disabled by 
property.||TBD||TBD||TBD||
+ ||/ is separator||Enabled by default. Disabled by property.||TBD||TBD||TBD||
+ ||Strict naming||Enabled by default. Disabled by property.||TBD||TBD||TBD||
+ ||Allow name only||Disabled by default. Enabled by property.||TBD||TBD||TBD||
  
  Issues to add to the table above
  
-  * = character in cookie value
   * Any further issues raised on mailing lists
-  * Each of the issues for which a system property was created
  
  == Generating the Set-Cookie header by Tomcat ==
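Review bot: The six added rows refer only to "property" ("Allowed if property set.", "Disabled by property.", "Enabled by property.") without naming the system property concerned, and the same edit removes the bullet "Each of the issues for which a system property was created" that pointed at them; naming the property in each row would keep that information on the page.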
  




[Bug 55943] Provide a way prevent looking at the System classloader before the webapp classloaders

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55943

--- Comment #1 from Mark Thomas ---
If this change were to be implemented then it should be implemented the same
way as the delegate flag since that controls a similar behaviour. I'd lean
towards a boolean flag that simply disabled the code block (0.2) that checked
the system class loader.

Note that the system class loader is checked first to enforce the specification
requirement that web applications must not be allowed to override Java SE
platform classes. I'd hesitate before adding an option to disable this check
because of the specification requirement.

I wonder if there isn't a better solution to this issue. The system class
loader might not be the best class loader to use here. It is really the
bootstrap class loader that is required but you can't get a reference to that
in some JREs - including Oracle's. The class loader hierarchy for an Oracle JVM
is system->ext->bootstrap so using the ext class loader would work in that
case.

I'm thinking that rather than using the system class loader in this case the
parent of the system class loader should be used (if it has one). That should
both fix this issue and still enforce the specification requirement for not
allowing the overriding of Java SE platform classes.

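The idea in comment #1, consulting the parent of the system class loader first rather than the system class loader itself, sketched as an added example. It is not Tomcat's WebappClassLoader or code from the bug report, and the class names `JavaSeFirstLoaderDemo` and `WebappStyleLoader` are hypothetical.

```java
import java.net.URL;
import java.net.URLClassLoader;

/** Added example, not Tomcat's WebappClassLoader: checks the system loader's parent first. */
public class JavaSeFirstLoaderDemo {

    /** Loader consulted first: the parent of the system class loader, if it has one. */
    static ClassLoader javaSeLoader() {
        ClassLoader system = ClassLoader.getSystemClassLoader();
        ClassLoader parent = system.getParent();
        return parent != null ? parent : system;
    }

    /** Simplified webapp-style loader: Java SE classes first, then its own URLs, then its parent. */
    static class WebappStyleLoader extends URLClassLoader {
        private final ClassLoader javaSe = javaSeLoader();

        WebappStyleLoader(URL[] webappUrls, ClassLoader parent) {
            super(webappUrls, parent);
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    try {
                        // A platform class found here can never be replaced by a webapp copy.
                        c = javaSe.loadClass(name);
                    } catch (ClassNotFoundException e) {
                        // Not a Java SE class: fall through to the webapp's own classes.
                    }
                }
                if (c == null) {
                    try {
                        c = findClass(name);
                    } catch (ClassNotFoundException e) {
                        // Not in the webapp either: let the normal parent delegation decide.
                        return super.loadClass(name, resolve);
                    }
                }
                if (resolve) {
                    resolveClass(c);
                }
                return c;
            }
        }
    }

    /** True when the named class can be loaded through the given loader. */
    static boolean visible(ClassLoader loader, String name) {
        try {
            Class.forName(name, false, loader);
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        ClassLoader system = ClassLoader.getSystemClassLoader();
        ClassLoader javaSe = javaSeLoader();
        String appClass = JavaSeFirstLoaderDemo.class.getName();

        // Compare what each loader can see: platform classes versus classes
        // that live on the application class path (this class stands in for them).
        System.out.println("java.lang.String via parent loader: " + visible(javaSe, "java.lang.String"));
        System.out.println(appClass + " via system loader: " + visible(system, appClass));
        System.out.println(appClass + " via parent loader: " + visible(javaSe, appClass));

        try (WebappStyleLoader webapp = new WebappStyleLoader(new URL[0], system)) {
            Class<?> s = webapp.loadClass("java.lang.String");
            System.out.println("String is the platform class: " + (s == String.class));
        }
    }
}
```

Compiled and run from the class path, the demo class stands in for a library such as the Scala one in the report: it is on the system class path, so the comparison of the two loaders shows whether checking the parent would still pick it up ahead of a webapp's own copy.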



[Bug 55943] New: Provide a way prevent looking at the System classloader before the webapp classloaders

2014-01-01 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55943

            Bug ID: 55943
           Summary: Provide a way prevent looking at the System
                    classloader before the webapp classloaders
           Product: Tomcat 7
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: chris.d...@gmail.com

I would like a way to prevent Tomcat from checking the System classloader
before the webapp classloaders.  This would be useful when using the embedded
Tomcat API to produce isolated servlet containers.

I ran into some difficulty with this when I was adding Tomcat support to the
SBT (Simple Build Tool) plugin:
https://github.com/JamesEarlDouglas/xsbt-web-plugin

In particular I had an issue where SBT includes a version of the Scala standard
library, on the system classpath, that has been run through Proguard.  This 
was conflicting with web applications that were including their own version of
the Scala standard library.  I was eventually able to work around this using
this hack:
https://github.com/JamesEarlDouglas/xsbt-web-plugin/commit/f8a9b149f0c7c87d7b6e8f862c493841d82ad90a
However, it would be nice if there was a way to accomplish this that didn't
involve such a hack.

I would be happy to submit a patch for this.  However, I would like some
guidance on how the API should be changed to accomplish this.  Perhaps a new
flag on the WebappLoader class?

Thanks
