Unable to transfer file above 60mb in Tomcat
Dear team, I have a file copy application, that run between tomcat server and java client. Its copy file from server end to paste at client end. At server end code written in Servlet file. Its read file data and file name from file. And storing it into String object and send it to client in response. At server end we are creating file using above data and file name. I have shared code snipped below. -- Server end -- -- File fromFolderSec = new File("folder path"); File[] sendfile = fromFolderSec.listFiles(); File[] var28 = sendfile; String filesContent = null; File file = sendfile[0]; String currFileName = file.getName(); try { filesName.add(file.getName()); FileInputStream fis = new FileInputStream(file); int arraysize = fis.available(); StringBuffer sb = new StringBuffer(); int i; for(i = 0; i < arraysize; ++i) { sb.append((char)fis.read()); } filesContent.add(sb.toString()); fis.close(); } catch (StringIndexOutOfBoundsException var36) { System.out.println( " Exception occurred while sending file: Exc=" + var36.getMessage()); } ---Client end - File toFolderSec = new File("Folder path"); try { File ffile = null; File tempFolder = new File(toFolderSec.getPath()); ffile = new File(toFolderSec.getPath() + "//" + currFileName); BufferedWriter bw = new BufferedWriter(new FileWriter(ffile)); String data = filesContent.get(0); bw.write(data); bw.flush(); bw.close(); } catch (Exception var36) { System.out.println( " Exception Exc=" + var36.getMessage()); } --- This code was working fine on HPunix. Recently we have migrated our server to IBM Linux1. After migration application getting stuck while sending file size more than 60mb. Below 60mb its working fine. Some error file has gerated in tomcat/bin folder Out of that sharing one file details below File name -- javacore.20220427.122826.201959.0012.txt 1TISIGINFO Dump Event "systhrow" (0004) Detail "java/lang/OutOfMemoryError" "Java heap space" received 1CIUSERLIMITS User Limits (in bytes except for NOFILE and NPROC) NULL NULL typesoft limit hard limit 2CIUSERLIMIT RLIMIT_ASunlimited unlimited 2CIUSERLIMIT RLIMIT_CORE unlimited unlimited 2CIUSERLIMIT RLIMIT_CPU unlimited unlimited 2CIUSERLIMIT RLIMIT_DATA unlimited unlimited 2CIUSERLIMIT RLIMIT_FSIZE unlimited unlimited 2CIUSERLIMIT RLIMIT_LOCKS unlimited unlimited 2CIUSERLIMIT RLIMIT_MEMLOCK 65536 65536 2CIUSERLIMIT RLIMIT_NOFILE10240 10240 2CIUSERLIMIT RLIMIT_NPROC 4096 180193 2CIUSERLIMIT RLIMIT_RSS unlimited unlimited 2CIUSERLIMIT RLIMIT_STACK 838860800 838860800 2CIUSERLIMIT RLIMIT_MSGQUEUE 819200 819200 2CIUSERLIMIT RLIMIT_NICE 0 0 2CIUSERLIMIT RLIMIT_RTPRIO0 0 2CIUSERLIMIT RLIMIT_SIGPENDING55347 55347 0SECTION NATIVEMEMINFO subcomponent dump routine NULL = 0MEMUSER 1MEMUSER JRE: 1,085,352,584 bytes / 20226 allocations 1MEMUSER | 2MEMUSER +--VM: 798,286,440 bytes / 16812 allocations 2MEMUSER | | 3MEMUSER | +--Classes: 30,652,464 bytes / 889 allocations 2MEMUSER | | 3MEMUSER | +--Memory Manager (GC): 549,215,240 bytes / 783 allocations 3MEMUSER | | | 4MEMUSER | | +--Java Heap: 536,932,352 bytes / 1 allocation 3MEMUSER | | | 4MEMUSER | | +--Other: 12,282,888 bytes / 782 allocations 2MEMUSER | | 3MEMUSER | +--Threads: 16,317,048 bytes / 257 allocations 3MEMUSER | | | 4MEMUSER | | +--Java Stack: 398,744 bytes / 35 allocations 3MEMUSER | | | 4MEMUSER | | +--Native Stack: 15,597,568 bytes / 36 allocations 3MEMUSER | | | 4MEMUSER | | +--Other: 320,736 bytes / 186 allocations 2MEMUSER | | 3MEMUSER | +--Trace: 730,496 bytes / 2948 allocations 2MEMUSER | | 3MEMUSER | +--JVMTI: 17,776 bytes / 13 allocations 2MEMUSER
Re: Unable to start Tomcat 10.0.4
> I suggest you have a read here: > https://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support > The documentation covers the details you need to correctly configure Tomcat > and SSL and links to a related page about SSL configuration. > Notice the line: > Each secure connector must define at least one *SSLHostConfig*. The names > of the *SSLHostConfig* elements must be unique and one of them must match > the defaultSSLHostConfigName attribute of the *Connector*. Thank you all Issue has been resolved after configuring SSLHostConfig On Tue, Mar 16, 2021 at 12:42 PM wrote: > > If you look at the stack trace, it tells you what the problem is: > > > Caused by: java.lang.IllegalArgumentException: No SSLHostConfig > > element was found with the hostName [_default_] to match the > > defaultSSLHostConfigName for the connector [https-openssl-nio-8443] > > > So it no longer looks like you are hitting a port in use issue. > Please suggest what configuration need to do. To remove this error. It > will be very helpful for us. > > > On Tue, Mar 16, 2021 at 12:01 PM wrote: > > > > Please provide full stacktrace > > Please find full catlina log and I have already shared server.xml in > trail > > mail > > > > 16-Mar-2021 21:26:54.263 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [compressableMimeType] > > to > > > > > > [text/html,text/xml,text/javascript,application/x-javascript,application/javascript] > > 16-Mar-2021 21:26:54.269 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [clientAuth] to > [false] > > 16-Mar-2021 21:26:54.270 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [sslProtocol] to [TLS] > > 16-Mar-2021 21:26:54.270 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [sslEnabledProtocols] > to > > [TLSv1.2,TLSv1.1] > > 16-Mar-2021 21:26:54.270 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property > > [allowUnsafeLegacyRenegotiation] to [false] > > 16-Mar-2021 21:26:54.270 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [ciphers] to > > [TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA] > > 16-Mar-2021 21:26:54.271 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [keystoreFile] to > > [/conf/eNotice.key] > > 16-Mar-2021 21:26:54.272 WARNING [main] > > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > > [Server/Service/Connector] failed to set property [keystorePass] to > > [eNotice@1] > > 16-Mar-2021 21:26:54.306 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log Server version > name: > > Apache Tomcat/10.0.4 > > 16-Mar-2021 21:26:54.307 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log Server built: Mar > > 5 2021 11:07:15 UTC > > 16-Mar-2021 21:26:54.307 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log Server version > > number: 10.0.4.0 > > 16-Mar-2021 21:26:54.307 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows > > 10 > > 16-Mar-2021 21:26:54.307 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log OS Version: 10.0 > > 16-Mar-2021 21:26:54.308 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log Architecture: x86 > > 16-Mar-2021 21:26:54.308 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log Java Home: > > C:\Program Files (x86)\Java\jdk1.8.0_271\jre > > 16-Mar-2021 21:26:54.308 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log JVM Version: > > 1.8.0_271-b09 > > 16-Mar-2021 21:26:54.308 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle > > Corporation > > 16-Mar-2021 21:26:54.309 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: > > D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 > > 16-Mar-2021 21:26:54.309 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: > > D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 > > 16-Mar-2021 21:26:54.310 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log Command line > > argument: > > > > > > -Djava.util.logging.config.file=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\conf\logging.properties > > 16-Mar-2021 21:26:54.310 INFO [main] > > org.apache.catalina.startup.VersionLoggerListener.log Command line > > argument: > > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > > 16-Mar-2021 21:26:54.311 INFO [main] > >
Re: Unable to start Tomcat 10.0.4
> If you look at the stack trace, it tells you what the problem is: > Caused by: java.lang.IllegalArgumentException: No SSLHostConfig > element was found with the hostName [_default_] to match the > defaultSSLHostConfigName for the connector [https-openssl-nio-8443] > So it no longer looks like you are hitting a port in use issue. Please suggest what configuration need to do. To remove this error. It will be very helpful for us. On Tue, Mar 16, 2021 at 12:01 PM wrote: > > Please provide full stacktrace > Please find full catlina log and I have already shared server.xml in trail > mail > > 16-Mar-2021 21:26:54.263 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property [compressableMimeType] > to > > [text/html,text/xml,text/javascript,application/x-javascript,application/javascript] > 16-Mar-2021 21:26:54.269 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property [clientAuth] to [false] > 16-Mar-2021 21:26:54.270 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property [sslProtocol] to [TLS] > 16-Mar-2021 21:26:54.270 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property [sslEnabledProtocols] to > [TLSv1.2,TLSv1.1] > 16-Mar-2021 21:26:54.270 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property > [allowUnsafeLegacyRenegotiation] to [false] > 16-Mar-2021 21:26:54.270 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property [ciphers] to > [TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA] > 16-Mar-2021 21:26:54.271 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property [keystoreFile] to > [/conf/eNotice.key] > 16-Mar-2021 21:26:54.272 WARNING [main] > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match > [Server/Service/Connector] failed to set property [keystorePass] to > [eNotice@1] > 16-Mar-2021 21:26:54.306 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Server version name: > Apache Tomcat/10.0.4 > 16-Mar-2021 21:26:54.307 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Server built: Mar > 5 2021 11:07:15 UTC > 16-Mar-2021 21:26:54.307 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Server version > number: 10.0.4.0 > 16-Mar-2021 21:26:54.307 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows > 10 > 16-Mar-2021 21:26:54.307 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log OS Version: 10.0 > 16-Mar-2021 21:26:54.308 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Architecture: x86 > 16-Mar-2021 21:26:54.308 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Java Home: > C:\Program Files (x86)\Java\jdk1.8.0_271\jre > 16-Mar-2021 21:26:54.308 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log JVM Version: > 1.8.0_271-b09 > 16-Mar-2021 21:26:54.308 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle > Corporation > 16-Mar-2021 21:26:54.309 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: > D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 > 16-Mar-2021 21:26:54.309 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: > D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 > 16-Mar-2021 21:26:54.310 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line > argument: > > -Djava.util.logging.config.file=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\conf\logging.properties > 16-Mar-2021 21:26:54.310 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line > argument: > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > 16-Mar-2021 21:26:54.311 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line > argument: -Djdk.tls.ephemeralDHKeySize=2048 > 16-Mar-2021 21:26:54.311 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line > argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources > 16-Mar-2021 21:26:54.311 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line > argument: -Dignore.endorsed.dirs= > 16-Mar-2021 21:26:54.312 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line > argument: -Dcatalina.base=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 > 16-Mar-2021 21:26:54.312 INFO [main] > org.apache.catalina.startup.VersionLoggerListener.log Command line > argument:
Re: Unable to start Tomcat 10.0.4
> Please provide full stacktrace Please find full catlina log and I have already shared server.xml in trail mail 16-Mar-2021 21:26:54.263 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [compressableMimeType] to [text/html,text/xml,text/javascript,application/x-javascript,application/javascript] 16-Mar-2021 21:26:54.269 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [clientAuth] to [false] 16-Mar-2021 21:26:54.270 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [sslProtocol] to [TLS] 16-Mar-2021 21:26:54.270 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [sslEnabledProtocols] to [TLSv1.2,TLSv1.1] 16-Mar-2021 21:26:54.270 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [allowUnsafeLegacyRenegotiation] to [false] 16-Mar-2021 21:26:54.270 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [ciphers] to [TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA] 16-Mar-2021 21:26:54.271 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystoreFile] to [/conf/eNotice.key] 16-Mar-2021 21:26:54.272 WARNING [main] org.apache.tomcat.util.digester.SetPropertiesRule.begin Match [Server/Service/Connector] failed to set property [keystorePass] to [eNotice@1] 16-Mar-2021 21:26:54.306 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name: Apache Tomcat/10.0.4 16-Mar-2021 21:26:54.307 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Mar 5 2021 11:07:15 UTC 16-Mar-2021 21:26:54.307 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 10.0.4.0 16-Mar-2021 21:26:54.307 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows 10 16-Mar-2021 21:26:54.307 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 10.0 16-Mar-2021 21:26:54.308 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: x86 16-Mar-2021 21:26:54.308 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home: C:\Program Files (x86)\Java\jdk1.8.0_271\jre 16-Mar-2021 21:26:54.308 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.8.0_271-b09 16-Mar-2021 21:26:54.308 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation 16-Mar-2021 21:26:54.309 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE: D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 16-Mar-2021 21:26:54.309 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME: D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 16-Mar-2021 21:26:54.310 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\conf\logging.properties 16-Mar-2021 21:26:54.310 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 16-Mar-2021 21:26:54.311 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048 16-Mar-2021 21:26:54.311 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources 16-Mar-2021 21:26:54.311 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs= 16-Mar-2021 21:26:54.312 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 16-Mar-2021 21:26:54.312 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4 16-Mar-2021 21:26:54.312 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\temp 16-Mar-2021 21:26:54.348 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.26] using APR version [1.7.0]. 16-Mar-2021 21:26:54.348 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true]. 16-Mar-2021
Re: Unable to start Tomcat 10.0.4
>> Your more recent exception log didn't include the "caused by" exception > -- >> which is the actual failure details. Double-check that and make sure > it's >> the same issue. >> >> Also, use netstat to confirm you aren't using the ports already. > Changing >> it may just find another conflict (although less likely). The first > error >> was quite clear about the port being unavailable. >> >> How are you starting Tomcat? Are you somehow starting it twice? > I start tomcat click on batch file. I have changed port 80 to 81 please > find both log below. Unable to find any port (80, 81, 443) in netstat. > Please suggest where I am doing wrong > > Old log with port 80 and 443 > 16-Mar-2021 16:45:44.410 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.1.1i 8 Dec 2020] > 16-Mar-2021 16:45:44.704 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio-80"] > 16-Mar-2021 16:45:44.716 SEVERE [main] > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to > initialize component [Connector[null-80]] > org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > > New log with change port 81 and 443 > 16-Mar-2021 20:16:06.094 INFO [main] > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.1.1i 8 Dec 2020] > 16-Mar-2021 20:16:06.380 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio-81"] > 16-Mar-2021 20:16:06.411 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio-443"] > 16-Mar-2021 20:16:06.413 SEVERE [main] > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to > initialize component > [Connector[org.apache.coyote.http11.Http11NioProtocol-443]] > org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > > On Tue, Mar 16, 2021 at 9:38 AM wrote: > >>> Deepak, >>> You already have some service listening on port 80 (IIS maybe?) >>> >>> >>> from mobile (sorry for typos ;) >>> >>> We have changed the port still getting same error >>> Maybe you have the same port configured twice in your conf/server.xml? >>> Please post *all* elements from your conf/server.xml file, >>> being careful to remove any secrets from your configuration. >> -chris >> please find conf/server.xml file >> >> >> >> className="org.apache.catalina.startup.VersionLoggerListener" >> /> >>> SSLEngine="on" /> >>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> >>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" > /> >>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" > /> >> >> >type="org.apache.catalina.UserDatabase" >>description="User database that can be updated and saved" >> factory="org.apache.catalina.users.MemoryUserDatabaseFactory" >>pathname="conf/tomcat-users.xml" /> >> >> >> > maxThreads="150" minSpareThreads="25" >> enableLookups="false" redirectPort="445" acceptCount="100" >> connectionTimeout="302000" > disableUploadTimeout="true" >> compression="on" compressionMinSize="2048" >> noCompressionUserAgents="gozilla, traviata" >> > compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript" >> server=" " /> >> ="org.apache.coyote.http11.Http11NioProtocol" >> port="445" maxHttpHeaderSize="8192" maxThreads="150" >> minSpareThreads="25" > enableLookups="false" >> disableUploadTimeout="true" acceptCount="100" scheme="https" > secure="true" >> clientAuth="false" sslProtocol="TLS" >> sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true" >> allowUnsafeLegacyRenegotiation="false" >> ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" >> keystoreFile="/conf/abc.key" >> keystorePass="changeit" server=" " /> >> >> >> >
Re: Unable to start Tomcat 10.0.4
> Your more recent exception log didn't include the "caused by" exception -- > which is the actual failure details. Double-check that and make sure it's > the same issue. > > Also, use netstat to confirm you aren't using the ports already. Changing > it may just find another conflict (although less likely). The first error > was quite clear about the port being unavailable. > > How are you starting Tomcat? Are you somehow starting it twice? I start tomcat click on batch file. I have changed port 80 to 81 please find both log below. Unable to find any port (80, 81, 443) in netstat. Please suggest where I am doing wrong Old log with port 80 and 443 16-Mar-2021 16:45:44.410 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1i 8 Dec 2020] 16-Mar-2021 16:45:44.704 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-80"] 16-Mar-2021 16:45:44.716 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[null-80]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) New log with change port 81 and 443 16-Mar-2021 20:16:06.094 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1i 8 Dec 2020] 16-Mar-2021 20:16:06.380 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-81"] 16-Mar-2021 20:16:06.411 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-443"] 16-Mar-2021 20:16:06.413 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-443]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) On Tue, Mar 16, 2021 at 9:38 AM wrote: > > Deepak, > > You already have some service listening on port 80 (IIS maybe?) > > > > > > from mobile (sorry for typos ;) > > > > We have changed the port still getting same error > > > Maybe you have the same port configured twice in your conf/server.xml? > > > Please post *all* elements from your conf/server.xml file, > > being careful to remove any secrets from your configuration. > > -chris > please find conf/server.xml file > > > >/> >SSLEngine="on" /> >className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> >className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> >className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> > >type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved" > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > pathname="conf/tomcat-users.xml" /> > > > maxThreads="150" minSpareThreads="25" > enableLookups="false" redirectPort="445" acceptCount="100" >connectionTimeout="302000" disableUploadTimeout="true" > compression="on" compressionMinSize="2048" > noCompressionUserAgents="gozilla, traviata" > compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript" > > server=" " /> > port="445" maxHttpHeaderSize="8192" maxThreads="150" > minSpareThreads="25" enableLookups="false" > disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true" > allowUnsafeLegacyRenegotiation="false" > ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" > keystoreFile="/conf/abc.key" > keystorePass="changeit" server=" " /> > > > resourceName="UserDatabase"/> > >unpackWARs="true" autoDeploy="true"> > directory="logs" >prefix="localhost_access_log" suffix=".txt" >pattern="%h %l %u %t %r %s %b" /> > > > > > > >
Re: Unable to start Tomcat 10.0.4
> Deepak, > You already have some service listening on port 80 (IIS maybe?) > > > from mobile (sorry for typos ;) > > We have changed the port still getting same error > Maybe you have the same port configured twice in your conf/server.xml? > Please post *all* elements from your conf/server.xml file, > being careful to remove any secrets from your configuration. -chris please find conf/server.xml file > 16-Mar-2021 18:09:38.299 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio-81"] > 16-Mar-2021 18:09:38.363 INFO [main] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["https-openssl-nio-445"] > 16-Mar-2021 18:09:38.364 SEVERE [main] > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to > initialize component > [Connector[org.apache.coyote.http11.Http11NioProtocol-445]] > org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) > > On Tue, Mar 16, 2021, 18:36 wrote: > >> Dear All, >> >> Unable to start tomcat 10.0.4 and getting error Failed to initialize >> component. >> /conf/server.xml configuration as below. >> >> > minSpareThreads="25" enableLookups="false" redirectPort="443" >> acceptCount="100" >> connectionTimeout="302000" > disableUploadTimeout="true" >> compression="on" compressionMinSize="2048" >> noCompressionUserAgents="gozilla, traviata" >> >> > compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript" >> >> server=" " /> >> >> ="org.apache.coyote.http11.Http11NioProtocol" >> port="443" maxHttpHeaderSize="8192" maxThreads="150" >> minSpareThreads="25" > enableLookups="false" >> disableUploadTimeout="true" acceptCount="100" scheme="https" > secure="true" >> clientAuth="false" sslProtocol="TLS" >> sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true" >> allowUnsafeLegacyRenegotiation="false" >> ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" >> keystoreFile="/conf/abc.key" >> keystorePass="changeit" server=" " /> >> >> >> Getting below error in catalina log >> >> Server version name: Apache Tomcat/10.0.4 >> Server built: Mar 5 2021 11:07:15 UTC >> Server version number: 10.0.4.0 >> OS Name: Windows 10 >> OS Version:10.0 >> Architecture: x86 >> Java Home: C:\Program Files (x86)\Java\jdk1.8.0_271\jre >> JVM Version: 1.8.0_271-b09 >> JVM Vendor:Oracle Corporation >> CATALINA_BASE: D:\apache-tomcat-10.0.4 >> CATALINA_HOME: D:\apache-tomcat-10.0.4 >> Command line argument: >> >> > -Djava.util.logging.config.file=D:\apache-tomcat-10.0.4\conf\logging.properties >> Command line argument: >> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager >> Command line argument: -Djdk.tls.ephemeralDHKeySize=2048 >> Command line argument: >> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources >> Command line argument: -Dignore.endorsed.dirs= >> Command line argument: -Dcatalina.base=D:\apache-tomcat-10.0.4 >> Command line argument: -Dcatalina.home=D:\apache-tomcat-10.0.4 >> Command line argument: -Djava.io.tmpdir=D:\apache-tomcat-10.0.4\temp >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded > Apache >> Tomcat Native library [1.2.26] using APR version [1.7.0]. >> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR >> capabilities: IPv6 [true], sendfile [true], accept filters [false], > random >> [true], UDS [true]. >> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL >> successfully initialized [OpenSSL 1.1.1i 8 Dec 2020] >> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler >> ["http-nio-80"] >> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to >> initialize component [Connector[null-80]] >> org.apache.catalina.LifecycleException: Protocol handler >> initialization failed >> at >> > org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) >> at >> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) >> at >> >> > org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) >> at >> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) >> at >> >> > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045) >> at >> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) >> at >>
Re: Unable to start Tomcat 10.0.4
You already have some service listening on port 80 (IIS maybe?) from mobile (sorry for typos ;) We have changed the port still getting same error 16-Mar-2021 18:09:38.299 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-81"] 16-Mar-2021 18:09:38.363 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-445"] 16-Mar-2021 18:09:38.364 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-445]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) On Tue, Mar 16, 2021, 18:36 wrote: > Dear All, > > Unable to start tomcat 10.0.4 and getting error Failed to initialize > component. > /conf/server.xml configuration as below. > > minSpareThreads="25" enableLookups="false" redirectPort="443" > acceptCount="100" >connectionTimeout="302000" disableUploadTimeout="true" > compression="on" compressionMinSize="2048" > noCompressionUserAgents="gozilla, traviata" > > compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript" > > server=" " /> > > port="443" maxHttpHeaderSize="8192" maxThreads="150" > minSpareThreads="25" enableLookups="false" > disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true" > allowUnsafeLegacyRenegotiation="false" > ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA" > keystoreFile="/conf/abc.key" > keystorePass="changeit" server=" " /> > > > Getting below error in catalina log > > Server version name: Apache Tomcat/10.0.4 > Server built: Mar 5 2021 11:07:15 UTC > Server version number: 10.0.4.0 > OS Name: Windows 10 > OS Version:10.0 > Architecture: x86 > Java Home: C:\Program Files (x86)\Java\jdk1.8.0_271\jre > JVM Version: 1.8.0_271-b09 > JVM Vendor:Oracle Corporation > CATALINA_BASE: D:\apache-tomcat-10.0.4 > CATALINA_HOME: D:\apache-tomcat-10.0.4 > Command line argument: > > -Djava.util.logging.config.file=D:\apache-tomcat-10.0.4\conf\logging.properties > Command line argument: > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > Command line argument: -Djdk.tls.ephemeralDHKeySize=2048 > Command line argument: > -Djava.protocol.handler.pkgs=org.apache.catalina.webresources > Command line argument: -Dignore.endorsed.dirs= > Command line argument: -Dcatalina.base=D:\apache-tomcat-10.0.4 > Command line argument: -Dcatalina.home=D:\apache-tomcat-10.0.4 > Command line argument: -Djava.io.tmpdir=D:\apache-tomcat-10.0.4\temp > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache > Tomcat Native library [1.2.26] using APR version [1.7.0]. > org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], random > [true], UDS [true]. > org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL > successfully initialized [OpenSSL 1.1.1i 8 Dec 2020] > org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler > ["http-nio-80"] > org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to > initialize component [Connector[null-80]] > org.apache.catalina.LifecycleException: Protocol handler > initialization failed > at > org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > > org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > > org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045) > at > org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) > at > org.apache.catalina.startup.Catalina.load(Catalina.java:747) > at > org.apache.catalina.startup.Catalina.load(Catalina.java:769) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) > at > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) >
Unable to start Tomcat 10.0.4
Dear All, Unable to start tomcat 10.0.4 and getting error Failed to initialize component. /conf/server.xml configuration as below. Getting below error in catalina log Server version name: Apache Tomcat/10.0.4 Server built: Mar 5 2021 11:07:15 UTC Server version number: 10.0.4.0 OS Name: Windows 10 OS Version:10.0 Architecture: x86 Java Home: C:\Program Files (x86)\Java\jdk1.8.0_271\jre JVM Version: 1.8.0_271-b09 JVM Vendor:Oracle Corporation CATALINA_BASE: D:\apache-tomcat-10.0.4 CATALINA_HOME: D:\apache-tomcat-10.0.4 Command line argument: -Djava.util.logging.config.file=D:\apache-tomcat-10.0.4\conf\logging.properties Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager Command line argument: -Djdk.tls.ephemeralDHKeySize=2048 Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources Command line argument: -Dignore.endorsed.dirs= Command line argument: -Dcatalina.base=D:\apache-tomcat-10.0.4 Command line argument: -Dcatalina.home=D:\apache-tomcat-10.0.4 Command line argument: -Djava.io.tmpdir=D:\apache-tomcat-10.0.4\temp org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.26] using APR version [1.7.0]. org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true]. org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1i 8 Dec 2020] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-80"] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[null-80]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.startup.Catalina.load(Catalina.java:747) at org.apache.catalina.startup.Catalina.load(Catalina.java:769) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472) Caused by: java.net.BindException: Address already in use: bind at sun.nio.ch.Net.bind0(Native Method) at sun.nio.ch.Net.bind(Net.java:444) at sun.nio.ch.Net.bind(Net.java:436) at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:225) at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:243) at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:198) at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1175) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1188) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580) at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82) at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052) ... 13 more 16-Mar-2021 16:45:44.717 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-443"] 16-Mar-2021 16:45:44.723 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-443]] org.apache.catalina.LifecycleException: Protocol handler initialization failed at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:558) Thanks & Regards Deepak Kumar "Disclaimer and confidentiality clause - This message and any
RE: Error parsing HTTP request header
May I know the tomcat version please. - It is apache-tomcat-8.0.41 -Original Message- From: dku...@ccilindia.co.in [mailto:dku...@ccilindia.co.in] Sent: 26 February 2020 19:01 To: 'Tomcat Users List' Subject: Error parsing HTTP request header Dear Team, We are getting below error in catelina log while starting the tomcat. 26-Feb-2020 18:57:36.795 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 21520 ms 26-Feb-2020 18:57:38.277 INFO [http-nio-443-exec-11] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNio InputBuffer.java:283) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Proce ssor.java:1017) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(Abstrac tProtocol.java:684) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.jav a:1524) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java: 1480) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:11 49) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:6 24) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.ja va:61) at java.lang.Thread.run(Thread.java:748) Will this impact any performance of our tomcat. Thanks & Regards Deepak Kumar CCIL - IT 022-61546230 CIN of CCIL- U65990MH2001PLC131804 "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
Error parsing HTTP request header
Dear Team, We are getting below error in catelina log while starting the tomcat. 26-Feb-2020 18:57:36.795 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 21520 ms 26-Feb-2020 18:57:38.277 INFO [http-nio-443-exec-11] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986 at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:283) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1017) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1524) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) Will this impact any performance of our tomcat. Thanks & Regards Deepak Kumar CCIL - IT 022-61546230 CIN of CCIL- U65990MH2001PLC131804 "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
Re: Unable to start tomcat
Dear Jason, Thank you for link. As per below link. I have started our Window Server and problem has been resolved. We are able to start our tomcat. But my worry is, I am unable to find out Root Cause of problem. And how to handle it in future. Do we have any way to monitor buffer space or queue size or do we have any other way to free buffer space or queue size without starting the window server. --- have you try google? https://stackoverflow.com/questions/4415175/an-operation-on-a-socket-could-not-be-performed-because-the-system-lacked-suffi On Wed, Feb 26, 2020 at 2:47 PM wrote: > > Dear Jason, > > Thank for your reply. I am unable to understand below hint. Will you > please help me out. What action should I take to start my tomcat. And how > I can see my buffer space or queue size. > > -- > This looks informative and should give u hint and where you should > begin troubleshooting. > > org.apache.tomcat.jni.Error: 730055: An operation on a socket could not > be performed because the system lacked sufficient buffer space or because > a queue was full. > > On Wed, Feb 26, 2020 at 2:30 PM wrote: > > > > Dear Team > > > > I have updated JRE from jre1.8.0_25 to jre1.8.0_211 on my window server > > 2012. and My tomcat version is apache-tomcat-8.0.41. > > It was running fine last 6 hours but now I am getting error while > stating > > the tomcat > > > > 26-Feb-2020 11:22:23.600 SEVERE [main] > > org.apache.tomcat.util.net.AprEndpoint.allocatePoller Poller creation > > failed > > org.apache.tomcat.jni.Error: 730055: An operation on a socket could not > > be performed because the system lacked sufficient buffer space or > because > > a queue was full. > > at org.apache.tomcat.jni.Poll.create(Native Method) > > at > > > org.apache.tomcat.util.net.AprEndpoint.allocatePoller(AprEndpoint.java:881) > > at > > > org.apache.tomcat.util.net.AprEndpoint$Poller.init(AprEndpoint.java:1431) > > at > > > org.apache.tomcat.util.net.AprEndpoint.startInternal(AprEndpoint.java:707) > > at > > > org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:828) > > at > > org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:491) > > at > > > org.apache.catalina.connector.Connector.startInternal(Connector.java:986) > > at > > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > > at > > > org.apache.catalina.core.StandardService.startInternal(StandardService.java:459) > > at > > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > > at > > > org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:789) > > at > > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > > at org.apache.catalina.startup.Catalina.start(Catalina.java:629) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > > > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > > at > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:483) > > at > org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351) > > at > org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485) > > > > Please suggest . > > > > Thanks & Regards > > Deepak Kumar > > CCIL - IT > > 022-61546230 > > CIN of CCIL- U65990MH2001PLC131804 "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
Re: Unable to start tomcat
Dear Jason, Thank for your reply. I am unable to understand below hint. Will you please help me out. What action should I take to start my tomcat. And how I can see my buffer space or queue size. -- This looks informative and should give u hint and where you should begin troubleshooting. org.apache.tomcat.jni.Error: 730055: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. On Wed, Feb 26, 2020 at 2:30 PM wrote: > > Dear Team > > I have updated JRE from jre1.8.0_25 to jre1.8.0_211 on my window server > 2012. and My tomcat version is apache-tomcat-8.0.41. > It was running fine last 6 hours but now I am getting error while stating > the tomcat > > 26-Feb-2020 11:22:23.600 SEVERE [main] > org.apache.tomcat.util.net.AprEndpoint.allocatePoller Poller creation > failed > org.apache.tomcat.jni.Error: 730055: An operation on a socket could not > be performed because the system lacked sufficient buffer space or because > a queue was full. > at org.apache.tomcat.jni.Poll.create(Native Method) > at > org.apache.tomcat.util.net.AprEndpoint.allocatePoller(AprEndpoint.java:881) > at > org.apache.tomcat.util.net.AprEndpoint$Poller.init(AprEndpoint.java:1431) > at > org.apache.tomcat.util.net.AprEndpoint.startInternal(AprEndpoint.java:707) > at > org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:828) > at > org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:491) > at > org.apache.catalina.connector.Connector.startInternal(Connector.java:986) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > at > org.apache.catalina.core.StandardService.startInternal(StandardService.java:459) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > at > org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:789) > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > at org.apache.catalina.startup.Catalina.start(Catalina.java:629) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:483) > at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485) > > Please suggest . > > Thanks & Regards > Deepak Kumar > CCIL - IT > 022-61546230 > CIN of CCIL- U65990MH2001PLC131804 > "Disclaimer and confidentiality clause - > This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. > The message may contain information that is confidential and subject to legal privilege. > Any views expressed in this message are those of the individual sender. > If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . > If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. > CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. > CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments." - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting
Unable to start tomcat
Dear Team I have updated JRE from jre1.8.0_25 to jre1.8.0_211 on my window server 2012. and My tomcat version is apache-tomcat-8.0.41. It was running fine last 6 hours but now I am getting error while stating the tomcat 26-Feb-2020 11:22:23.600 SEVERE [main] org.apache.tomcat.util.net.AprEndpoint.allocatePoller Poller creation failed org.apache.tomcat.jni.Error: 730055: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. at org.apache.tomcat.jni.Poll.create(Native Method) at org.apache.tomcat.util.net.AprEndpoint.allocatePoller(AprEndpoint.java:881) at org.apache.tomcat.util.net.AprEndpoint$Poller.init(AprEndpoint.java:1431) at org.apache.tomcat.util.net.AprEndpoint.startInternal(AprEndpoint.java:707) at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:828) at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:491) at org.apache.catalina.connector.Connector.startInternal(Connector.java:986) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:459) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:789) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) at org.apache.catalina.startup.Catalina.start(Catalina.java:629) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485) Please suggest . Thanks & Regards Deepak Kumar CCIL - IT 022-61546230 CIN of CCIL- U65990MH2001PLC131804 "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
RE: Appscan Issues
Dear Amith, Thanks... I will me more detailed. We don't use Apache HTTPD or ngnix. It's just tomcat7. Below is my connector configuration. Regards, Amith Can you use sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true" in connector tag as below. Thanks and Regards Deepak -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: Friday, April 08, 2016 9:29 AM To: users@tomcat.apache.org Subject: Re: Appscan Issues Am 08.04.2016 um 15:17 schrieb Kikkeri, Amith: > Hi, > Appscan was performed on our application and 2 issues were encountered. Could anyone please let me know how to resolve these issues ? We use tomcat7. > > Browser Exploit Against SSL/TLS (a.k.a. BEAST) > RC4 cipher suites were detected > (Remove support of SSLv3/TLS1.0 cipher suites with CBC.) Sure. Remove SSL support. Seriously: With the level of information that you give, what's the level of detail that you expect back? Are you using tomcat only? Do you front it with Apache httpd? nginx? Any loadbalancer or SSL-Terminator (pardon the use of SSL here)? If you only have tomcat, what's the configuration of your https connector? Which of the options that are documented in the connector's documentation ( http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support or http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html among others) do you need help with? Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
RE: HSTS missing from HTTPS server on tomcat 8.0.27
Dear Harrie, We have already implemented the said configuration of filter. Still we are unable to implement HSTS. This configuration works absolutely fine on tomcat running running on windows, but in the case of unix we aren't able to achieve HSTS. Below are the steps followed by us: We have downloaded latest tomcat tar.gz from tomcat website, Deployed our application on it, Made above changes in conf\web.xml and then started tomcat. no error till this point. When i started VA testing on the server i get below error : Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level. java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:228) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1010) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) and then VA test results show that HSTS is not configured. Please note that we followed the above steps for tomcat on windows and every thing is absolutely fine and even results of VA test don't contain HSTS information. Any help is greatly appreciated. From: "Harrie Robins"To: "'Tomcat Users List'" Date: 08-02-2016 20:51 Subject:RE: HSTS missing from HTTPS server on tomcat 8.0.27 Hello! Missing HSTS is not a vulnerability, as Mark pointed out, it is a feature. In your web.xml httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter hstsEnabled true hstsMaxAgeSeconds 31536000 hstsIncludeSubDomains true true This will NOT activate HSTS for your application, you will need to add this mapping as well (edit to needs and add to application): httpHeaderSecurity /* REQUEST Regards, Harrie -Original Message- From: dku...@ccilindia.co.in [mailto:dku...@ccilindia.co.in] Sent: maandag 8 februari 2016 15:50 To: 'Tomcat Users List' Subject: HSTS missing from HTTPS server on tomcat 8.0.27 Hi, We are unable to fix the vulnerability of "HSTS missing from HTTPS server" on apache tomcat 8.0.27 while running on unix operating system. Below is the system configuration: OS Name: HP-UX OS Version:B.11.31 Architecture: IA64N Java Home:/opt/java8/jre JVM Version: 1.8.0.04-hp-ux-b2 JVM Vendor: Hewlett-Packard Company We have uncommented the httpHeaderSecurity in the filter tag of conf/web.xml file, but still the vulnerability exists. We have also tried with apache tomcat 8.0.30, but in vain. Any help to fix this vulnerability is appreciated. Thanks & Regards Deepak Kumar "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments." - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original
HSTS missing from HTTPS server on tomcat 8.0.27
Hi, We are unable to fix the vulnerability of "HSTS missing from HTTPS server" on apache tomcat 8.0.27 while running on unix operating system. Below is the system configuration: OS Name: HP-UX OS Version:B.11.31 Architecture: IA64N Java Home:/opt/java8/jre JVM Version: 1.8.0.04-hp-ux-b2 JVM Vendor: Hewlett-Packard Company We have uncommented the httpHeaderSecurity in the filter tag of conf/web.xml file, but still the vulnerability exists. We have also tried with apache tomcat 8.0.30, but in vain. Any help to fix this vulnerability is appreciated. Thanks & Regards Deepak Kumar "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
Unable to fix the vulnerability of " HSTS missing from HTTPS server" on tomcat 8.0.27 running on unix .
Hi , We are unable to fix the vulnerability of " HSTS missing from HTTPS server" on apache tomcat 8.0.27 running on unix . We found the solution for the same by enabling httpHeaderSecurity filter in conf\web.xml file, tag and it works absolutely fine for tomcat 8.0.27 on windows, but the same change on Tomcat 8.0.27 on UNIX, doesn't fix the vulnerabiltiy. The only significant difference we found in tomcats running on unix and windows Tomcat running on windows has JDK 8 installed and tomcat running on unix has JDK 1.7.0.04. Is this reason hampering the fix to the vulnerability. If not what is the solution for this. Any help is greatly appreciated. Thanks & Regards Deepak Kumar "Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments."
Re: Tomcat hanged on window server 2012
From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Date: 17-08-2015 18:32 Subject:Re: Tomcat hanged on window server 2012 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Chris, Thanks for the reply, our response to ur questions are highlighted in blue. Any help is greatly appreciated. On 8/17/15 7:13 AM, dku...@ccilindia.co.in wrote: Our application worked fine on tomcat 8.0.22 on windows server 2003 server. The tomcat server is restarted daily using a scheduler on shutdown.bat (at night) and startup.bat files (in the morning). I'm curious, why do you take-down your service overnight? 1.We have downtime for our website. We have now upgraded our machine to windows server 2012 64 bit and now facing some serious issues like the tomcat remains in hanged stage( not responding state.).Once we restart the tomcat server, everything works fine.And this happens only once in a day. After the restart of tomcat,(manually by double click on shutdown.bat file and startup.bat file) it never repeats. When you manually run shutown.bat/startup.bat, what is the effective user? When the scheduler runs, what is the effective user? Perhaps the environment is not configured correctly for one or the other of those. 2. Manually clicking on the shutdown.bat file and letting it happen through a scheduler is done by the same user credentials. We have not found any error in all the relevant log files. We have made the below changes while migration. 1. java upgrade from 1.7.0_40 to 1.8.0_25 2.Removed the tomcat-native.dll file from the bin folder. Why did you remove tomcat-native.dll? You could use the 64-bit version instead of the 32-bit version if you'd like. 3. We have removed tomcat-native.dll file , because we were getting org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR based Apache Tomcat Native library 1.1.32 using APR version 1.5.1. which was indicated as vullnerability by our security team. Also we are using NIO connector and not APR. The configuration of new windows server 2012 is as follows: OS Name: Windows Server 2012-64 bit OS Version: 6.2 java 1.8.0_25 (32 bit) However, we have observed the below error in the windows event viewer log A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Check https://msdn.microsoft.com/en-us/library/windows/desktop/dd721886%28v=vs .85%29.aspx Error 10 is unexpected message, which might happen if your client was trying to connect using SSLv3 or some other unsupported protocol. What does your Connector look like? 4. Our connector tag is as shown below. Connector protocol =org.apache.coyote.http11.Http11NioProtocol port=XXX maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1 SSLEnabled=true allowUnsafeLegacyRenegotiation=false ciphers=XXX keystoreFile=X keystorePass= server= /Connector Is this error responsible for the hanging of tomcat server or Is it due to absence of tomcat-native.dll file ??? or is there any other reason why the tomcat server goes into hanging state ??? A thread dump or two would be helpful: http://wiki.apache.org/tomcat/HowTo#If_you_are_running_on_Microsoft_Wind ows What you say that Tomcat has hung what do you mean? Will it respond to HTTP requests? If you run shutdown.bat, will it shutdown cleanly, or do you have to kill the process? 5. Tomcat has hung means,the web page was not available and not responding for the end users .We had to kill it from the task manager as it was not shutting down using shutdown.bat file. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJV0ds2AAoJEBzwKT+lPKRYBtAQAIyPltQAUPX/ybDt63qTCiSb CRr9vSKJzyYkLbP2RM3AUsXbEZ40sJumNtkcAa8nNRPUDdNhijYUTRiFPpxtBYzD lKgafbOPLxh+oCeOmTTM1yIHYxAQI+4Ajy0cRR64YTVdtQ6uM0T/v2qbaidii0zX Y8yCMSCdZ4YFYG2j5Ix6ezN4O/ixNNV+iiQCnKVJgC/WKSJBlnrUkQLHLR80fHvE MCAncgiHMXPEUwOE297aw/7zBwlXeMe9T+aOAOIMFqhirCwf9KLYqn68Nk77gxfT uwuDZLFgIh6DEBfkLSbOFoJai4IneHjdy+voJXZw58VStj2IBbwGWuc6uOv6XAke zsqhnJpBlClncjXol4VgJKvivF0RM070RvISRPNh6HfCF3staaom/Luv2v5NQDFB mInXhPEH/GgruY0z3KPmX/il1uRZAxNVVZ6RRtK+IgxE1GsX6OR8sgLs5OZG8Ncv InPFe+3e04ZWjJOvfWdBilC34soH8b4VNwlZpyOWad9HTxLnzzYecwJo3On2vbtO eKyMT0lS0aUZYcXwnkyBXPdd5OoHoxCs4g/C3/GBCBtqqwHkarkC2QKD5EkwzmHn NqPeUjQln36tA39KCXt7K0vmsh7Ne7VUSOBv+ZsDqfNcaYgYo94vFQwtNLbGP+DH 2Zs6zTaZOaiR++PgkAgz =Hqri -END PGP SIGNATURE- - To
Tomcat hanged on window server 2012
Hi, Our application worked fine on tomcat 8.0.22 on windows server 2003 server. The tomcat server is restarted daily using a scheduler on shutdown.bat (at night) and startup.bat files (in the morning). We have now upgraded our machine to windows server 2012 64 bit and now facing some serious issues like the tomcat remains in hanged stage( not responding state.).Once we restart the tomcat server, everything works fine.And this happens only once in a day. After the restart of tomcat,(manually by double click on shutdown.bat file and startup.bat file) it never repeats. We have not found any error in all the relevant log files. We have made the below changes while migration. 1. java upgrade from 1.7.0_40 to 1.8.0_25 2.Removed the tomcat-native.dll file from the bin folder. The configuration of new windows server 2012 is as follows: OS Name: Windows Server 2012-64 bit OS Version:6.2 java 1.8.0_25 (32 bit) However, we have observed the below error in the windows event viewer log A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10. Is this error responsible for the hanging of tomcat server or Is it due to absence of tomcat-native.dll file ??? or is there any other reason why the tomcat server goes into hanging state ??? Any help is greatly appreciated. Thanks regards Deepak kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Getting javax.net.ssl.SSLHandshakeException
Dear All, We have migrated from apache tomcat 8.0.8 to apache tomcat 8.0.18.(to prevent the poodle attack). But now we are facing the below issue. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) at connection.ReceiveConnect.connect(ReceiveConnect.java:77) at util.ReceiveFile.run(ReceiveFile.java:94) at java.lang.Thread.run(Unknown Source) Caused by: java.io.EOFException: SSL peer shut down incorrectly at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) ... 11 more Any help will be greatly appreciated. Thanks and Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: Getting javax.net.ssl.SSLHandshakeException
Dear Christopher , Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3? We agree with your above statement. We have disabled SSLv3 on Tomcat server and our client is an exe which sends request using below code. URL server = new URL(url); jprogress.setValue(11); final String hostvar = ip; HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { if (hostname.equals(hostvar)) { return true; } else { return false; } } }); try{ HttpsURLConnection con = (HttpsURLConnection) server.openConnection(); jprogress.setValue(14); con.setConnectTimeout(9000); con.setDoOutput(true); con.setUseCaches(false); con.setReadTimeout(6); jprogress.setValue(16); We are unable to find at which point the client exe uses either TLS or SSLv3 to send request to the server. Also we find that client exe works fine in other machines. We want to know if this is system specific or java specific. Any help will be greatly appreciated. Thanks and Regards Deepak kumar From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Date: 24-02-2015 20:36 Subject:Re: Getting javax.net.ssl.SSLHandshakeException -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Deepak, On 2/24/15 9:19 AM, dku...@ccilindia.co.in wrote: We have migrated from apache tomcat 8.0.8 to apache tomcat 8.0.18.(to prevent the poodle attack). Note that upgrading Tomcat is not necessary to mitigate SSL POODLE. Upgrading does have other advantages, though. But now we are facing the below issue. javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) at connection.ReceiveConnect.connect(ReceiveConnect.java:77) at util.ReceiveFile.run(ReceiveFile.java:94) at java.lang.Thread.run(Unknown Source) Caused by: java.io.EOFException: SSL peer shut down incorrectly at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) ... 11 more Any help will be greatly appreciated. Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3? Try using this tool to probe your server to see what it can do: http://markmail.org/thread/tz4z44nfjl7sy2lj Also remember this: http://markmail.org/thread/ip4j45tioft4bntd - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJU7JLBAAoJEBzwKT+lPKRYT8UP/jFwpGCb0ZrNQuyOYQRtB+Fb 7vzciBQbsyXTKin7l5g2+31nP9NGFgxbrXhswJWMQL9ZQyyKxxe4H5RUagpT+IkZ yAkmh7BzTaIkCgQjEVS9y7mQK/lPG37umYcnz4/yKQ/zQKXVeKfxrlOGpNXMtxMu 0QClDNbUrmIfTOOhHmcXiwgcH7bK/mjfeDqow1IyU/mL5J5C66iTEgUEtivGmtyi yCTgWkEQaAlUoQ85Tzp6FQHHA7irIo2IQppBba+BOz2rx+GYrLil2qCaAopbE57T 5LPqrOU0uI2irlc/4wLBxR6MqS6SeZ7aaGMDPqUWfvlg+OlQBl5XFJmlISd1hwTU Sv6wwfFJ7DMvE2KqSMIAtgyM+WfvveJqvf8aE0aaDYt/ikP3mV6r3YUa7IA9r3Lf WdP69upZIZSZMu6G8npNqMzqmWjeYq/K3Rjli5a/9sERdSDA1cwxwitwWklTzEnL VP6pdjoK6UBZFrhaIDmWX4yshGQRgptycna+edh3zd9elAT3utffswAXOP063ToP KD/JmSOSOra0asZq7t6Dl+IqczK3tjByleAJdHlsxqiYGl77XnnGZzxg1qmQBQO2 dqWD+4KZay8X29N26sUWvEJBrBMrddwSRE7YU210ncGSuX4VaUy1iGiZmyCHFtoO WpZRD0ruzsx95nIJE8J/ =Fk6V -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments
Only one request from client but was served twice by Tomcat
Dear All, We have a client that is basically a JAVA desktop application that calls a servlet which is hosted at Tomcat server. The flow of request and response both are logged at the client as well as the server end.( i.e each and every request and response is logged) Now, the client sent a request at a particular time say 9.00 am.(This is logged at client end). the request was served and logged at server end. but it seems Acknowledgement from the server did not reach the client (Assuming the network congestion) and not present in the client logs. After three minutes, the request was once again served by Tomcat, and again logged at server end, but at client end no logging for a fresh second request made, and logs of one successful completion of the request. Totally there was only one request from client but was served twice by Tomcat what could be the reason? We are using Tomcat - 7.0.35 on Unix box In server.xml Connector port=8443 SSLEnabled=true acceptCount=500 protocol=org.apache.coyote.http11.Http11NioProtocol allowUnsafeLegacyRenegotiation=false maxThreads=5 scheme=https secure=true clientAuth=false Thanks and Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Cannot disable SSL v3
Dear All, Below is my configuration in server.xml file of tomcat 7.0.22. Connector className =org.apache.catalina.connector.http.HttpConnector port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS SSLEnabled=true allowUnsafeLegacyRenegotiation=false ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA keystoreFile=*** keystorePass=*** server= Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS/ /Connector I tried with below changes. 1. sslProtocol changed to SSLProtocol 2. Removed SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher from ciphers 3. sslProtocol =TLS changed to sslProtocol =TLSv1 But still unable to disable SSL v3 Any help will be appreciated. Thanks and Regards Deepak Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: Cannot disable SSL v3
Dear Chris Thanks for your reply How can I know which protocol support my JVM. We are using java1.7.0_40 I have tested with https://www.ssllabs.com/ssltest/index.html Please let us know is any turnaround in my server.xml configuration to disable SSL v3. Thanks and Regards Deepak -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Deepak, On 10/17/14 11:58 AM, dku...@ccilindia.co.in wrote: Below is my configuration in server.xml file of tomcat 7.0.22. Upgrade. Connector className =org.apache.catalina.connector.http.HttpConnector No such class exists. Which connector are you actually using? A Java connector or the native connector? port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS Use of sslProtocol indicates that you are using a Java connector. SSLEnabled=true allowUnsafeLegacyRenegotiation=false ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA Use of ciphers indicates that you are using a Java connector. Please see the documentation for the HTTP connector: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html The sslProtocol attribute is documented to use JVM-defined strings. You will need to see what protocols are supported by your JVM. keystoreFile=*** keystorePass=*** server= Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS/ Why are you configuring an SSLServerSocketFactory here? I don't believe that is even a valid configuration. /Connector I tried with below changes. 1. sslProtocol changed to SSLProtocol sslProtocol is for Java connectors while SSLProtocol is for the native connector. 2. Removed SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher from ciphers This configures a single cipher and not a protocol. 3. sslProtocol =TLS changed to sslProtocol =TLSv1 But still unable to disable SSL v3 Did you restart? What were the results? How did you test? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUQUnZAAoJEBzwKT+lPKRYgmYP/3PG61mtnazM/ghZNYV/u0zo CCvWlNaYWjrIEg25o/IvOTnTOhKmyfOkYnJ/9CrTtA8qrrhOnPZQl5wSfYpHWRVS rpIbMy3IuPRqRhugDCmwFeGWZW2PtHagSPj+M8BrYjnthVlHcxDJil5qvDtf+DVu 2iH5VWODtBGHvouQ4OSm/R+1dzmwcgeQrQuTRuhTxfw0+Li+aKG9uAzULECZhwac rI7ziFGNTRXYneSNjRd8HA9zcG0onHJu9iQadBHyjeX1tMiC3zQqvQGgml9djAGL Nv6kyIAQrgwr2Ru79ONWUz3KGllDQMoBrgHHNJHLx0KrFNl9/NfdMOT/+L70YpEB XPnRfVIadmSfNU2bqlpQu6aaU/B5aQhL4LErcgK5njhF2GT7Ed95MYihYDh3BYnR vtv0Ccx6Sa2Mv8ZKm4evo30Epv9SMp4Y2Y+G+Hws78zJoCbVVa8W9juLolQ3iJhT 5w93x+AaXIDGkqr5xBKqEFCUirAIJZNyNmAh/ponTTPyPZS7uJ7Iqnu+So0WTqyt UwNurdQ1cdGqfdaIlS1S/sam0oxEF4UQ0X5CCEQjnbj8DeMBRgiFd35qhQvhTJpH A92dI9NyHpLVYTf39D7VEu3KbNPr5f1t1ClUaRrmKRzPj9FbS+TSYP+7bp01CcNr x0CXTAdCXQlq3P9eon3h =JTST -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: cannot disable SSL v3 [SOLVED]
Hello all, I have removed SSL cypher from my configuration. and its working. Please let me know is this correct way to solve this. I am running Tomcat 7.0.22 Connector port=443 maxThreads=150 scheme=https secure=true sslProtocol=TLS SSLEnabled=true ciphers= Thanks and regards Deepak On 10/16/2014 2:38 PM, Vu Pham wrote: I believe some village somewhere was missing somebody :) Reading the tomcat/apr doc (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support) , I found that I have to use SSLProtocol instead of sslProtocol. Tomcat's case-sensitivity has bitten me more than once! After making that change, SSLv3 disappear. Thanks, Vu On 10/16/2014 08:32 AM, vu pham wrote: All, I am running tomcat 7.0.26 with APR on RHEL 5.10 (x86_64) . My server.xml 's configuration for the https connector is as follows: Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLSv1 SSLCertificateKeyFile=/u01/apache-tomcat-7.0.26/conf/servey_xxx.key SSLCertificateFile=/u01/apache-tomcat-7.0.26/conf/server_xxx.crt SSLCACertificateFile=/u01/apache-tomcat-7.0.26/conf/SSL123_CA_Bundle.pem / I also tried sslProtocol with different values of TLS, TLSv1.1, and TLSv1.2, but the ssl tests such the ones from SSLLabs or Thawte claim that my server still has SSLv3 enabled. Any advice is greatly appreciated. Thanks, Vu - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
denying the request if it comes through IP address instead of DNS
Hello All, We are using - Tomcat Version - 7.0.22 Operating System Version : Windows 2003 server To close a vulnerability, To denying the request if it comes through IP address instead of DNS, we have made below configuration changes in server.xml Engine name=Catalina defaultHost=server DNS name defaultHost was set to localhost prior to change Host name=server DNS name appBase=webapps unpackWARs=true autoDeploy=true Hostname was set to localhost prior to change But Due this change we are losing logging in localhost.log in logs folder of TOMCAT, Please suggest how to redirect console logging to a given file or how to retain the localhost.log file of tomcat. Kindly also let us know instead of above settings any other configuration setting will make denial of any request if it comes through IP address instead of DNS, Thanks Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Unable to start tomcat (JDBC-ORACLE CONNECTIVITY ISSUE WITYH OCI8 DRIVER using oracle 11g client.)
Dear All, JDBC-ORACLE CONNECTIVITY ISSUE WITYH OCI8 DRIVER using oracle 11g client.. I am getting below error when i m trying to access oracle db using oracle 11g client. It works with earlier oracle client versions. how do i resolve this. is there any issue with version of ojdbc6.jar that i am using??? I cant use thin driver since its an old application for which i dont have source files. Apr 6, 2013 1:00:59 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet jsp threw exception java.lang.UnsatisfiedLinkError: no ocijdbc9 in java.library.path at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1682) at java.lang.Runtime.loadLibrary0(Runtime.java:822) at java.lang.System.loadLibrary(System.java:992) at oracle.jdbc.oci8.OCIDBAccess.logon(OCIDBAccess.java:262) at oracle.jdbc.driver.OracleConnection.init(OracleConnection.java:346) at oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.java:468) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:314) at java.sql.DriverManager.getConnection(DriverManager.java:525) at java.sql.DriverManager.getConnection(DriverManager.java:171) at PettyCash.SysDate.getSysSubSys(SysDate.java:232) at org.apache.jsp.PettyCash.index_jsp._jspService(org.apache.jsp.PettyCash.index_jsp:186) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Code is as follow for reference import oracle.jdbc.driver.*; DriverManager.registerDriver(new oracle.jdbc.OracleDriver()); conn = DriverManager.getConnection (jdbc:oracle:oci8:@ + database,db_user, db_pass); eNVIRONMENT VARIABLES set are as follows: classpath C:\Program Files\apache-tomcat-5.5.12\common\lib\servlet-api.jar;C:\Program Files\apache-tomcat-5.5.12\webapps\ROOT\WEB-INF\lib\classes12.jar;C:\Program Files\apache-tomcat-5.5.12\webapps\ROOT\WEB-INF\lib\ojdbc6.jar; JAVA_HOME C:\Program Files\Java\jdk1.5.0_04 PATH C:\Program Files\Java\jdk1.5.0_04\bin ORACLE_HOME D:\Oracle11\product\11.2.0\client_1\BIN Thanks and Regards Deepak Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
tomcat-7.0.35 ON Window Server SP 2
Hi, I have downloaded apache-tomcat-7.0.35.zip and runiing it on Window Server SP 2 machine and it is working fine. Is it OK to run apache-tomcat-7.0.35 setup on Window Server SP 2 machine? Please reply. Server version: Apache Tomcat/7.0.35 OS Name:Windows Server SP 2 32 bit Thanks and Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Tomcat(7.0.35) vulnerability or issues
Dear All, We are upgrading the tomcat from version 6.0.18 to 7.0.35 Operating System Version : HP-UX 11.31 Please inform us if there are any known issues or any vulnerability on latest tomcat version of 7.0.35. Thanks and Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
tomcat-7.0.35-windows-x86 ON 64 bit UNIX
Hi, I have downloaded apache-tomcat-7.0.35-windows-x86.zip and runiing it on 64 bit UNIX machine and it is working fine. Is it OK to run x86 setup on 64 bit UNIX machine? Please reply. Server version: Apache Tomcat/7.0.35 Server built: Jan 10 2013 10:52:49 Server number: 7.0.35.0 OS Name:HP-UX OS Version: B.11.31 Architecture: IA64N JVM Version:1.7.0.04-jinteg_2012_11_21_09_34-b00 JVM Vendor: Hewlett-Packard Company Thanks and Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Getting error while starting tomcat
Hello All, Tomcat Server 7.0.35 Operating System Version : HP-UX 11.31 JRE_HOME:/opt/java1.5 We are getting error in Catalina log file while starting the tomcat server Exception in thread main java.lang.UnsupportedClassVersionError: Bad version number in .class file at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:620) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124) at java.net.URLClassLoader.defineClass(URLClassLoader.java:260) at java.net.URLClassLoader.access$100(URLClassLoader.java:56) at java.net.URLClassLoader$1.run(URLClassLoader.java:195) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) Please suggest us. Thanks and Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: How to limit the number of renegotiations for a single TLS / SSL connection
Hello All, We have upgraded the tomcat(7.0.35) and ssl(0.9.8x) Still facing same issue Please suggest Thanks and regards Deepak Kumar From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Date: 02/09/2013 11:35 PM Subject:Re: How to limit the number of renegotiations for a single TLS / SSL connection On 08/02/2013 15:05, Mark Thomas wrote: On 08/02/2013 14:34, Caldarale, Charles R wrote: From: dku...@ccilindia.co.in [mailto:dku...@ccilindia.co.in] Subject: How to limit the number of renegotiations for a single TLS / SSL connection We are using - Tomcat Version - 6.0.18 Please suggest the recommended solution for tomcat Try using a version of Tomcat that's newer than 4.5 years old. Many security-related fixes have gone in since then, and it's irresponsible to expose your site to situations that have been addressed years previously. If you check the changelog, I think you'll find this TLS issue was addressed quite some time ago; it may require a JVM upgrade as well. No, this is a different issue. Not to disagree with Mark T... but the point about using old software is still a good one. Tomcat 6.0.18 vs Tomcat 6.0.36 OpenSSL 0.9.8k (25-Mar-2009) vs OpenSSL 0.9.8y (05-Feb-2013) Focusing on particular issues like this, rather than addressing the big picture and using a more recent build of Open SSL and/or Tomcat (that will carry many fixes) means the OP is probably Doing IT Wrong. p -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: How to limit the number of renegotiations for a single TLS / SSL connection
Hello Mark We have just updated the tomcat version to 7.0.35 and have not explicitly gave any connector protocol in connector tag, when tomcat is starting its giving Initializing ProtocolHandler [http-bio-443] Regards Deepak From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 02/11/2013 04:48 PM Subject:Re: How to limit the number of renegotiations for a single TLS / SSL connection On 11/02/2013 11:10, dku...@ccilindia.co.in wrote: Hello All, We have upgraded the tomcat(7.0.35) and ssl(0.9.8x) Still facing same issue Please suggest Are you sure you are using the APR/native connector? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: How to limit the number of renegotiations for a single TLS / SSL connection
Hello Mark We have just updated the tomcat version to 7.0.35 and have not explicitly gave any connector protocol in connector tag, when tomcat is starting its giving Initializing ProtocolHandler [http-bio-8443] Regards Deepak From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 02/11/2013 04:48 PM Subject:Re: How to limit the number of renegotiations for a single TLS / SSL connection On 11/02/2013 11:10, dku...@ccilindia.co.in wrote: Hello All, We have upgraded the tomcat(7.0.35) and ssl(0.9.8x) Still facing same issue Please suggest Are you sure you are using the APR/native connector? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: How to limit the number of renegotiations for a single TLS / SSL connection
Hello, We tried to set APR connector protocol attribute in connector tag but we are not able to start the tomcat as the supporting library are not found in JDK 1.7 installed in my system Please suggest where we will get the APR connector file. @Mark Sorry for duplicate message. That has a correction [http-bio-8443] instead of [http-bio-443] Thanks and Regards Deepak From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 02/11/2013 05:23 PM Subject:Re: How to limit the number of renegotiations for a single TLS / SSL connection On 11/02/2013 11:31, dku...@ccilindia.co.in wrote: Hello Mark We have just updated the tomcat version to 7.0.35 and have not explicitly gave any connector protocol in connector tag, when tomcat is starting its giving Initializing ProtocolHandler [http-bio-443] Which means you are using the BIO HTTP connector, not the APR/native HTTP connector. The BIO connector supports renegotiation. Mark P.S. Please stop a) sending duplicate messages to the users list b) cc'ing list members on your replies. Regards Deepak From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 02/11/2013 04:48 PM Subject:Re: How to limit the number of renegotiations for a single TLS / SSL connection On 11/02/2013 11:10, dku...@ccilindia.co.in wrote: Hello All, We have upgraded the tomcat(7.0.35) and ssl(0.9.8x) Still facing same issue Please suggest Are you sure you are using the APR/native connector? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
Re: How to limit the number of renegotiations for a single TLS / SSL connection
Hello All, @ Mark we have not specified any specific connector protocol in the connector tag, is that mean we are using native APR connector, and if it is so, then as renegotiation is not permitted in APR why VA tool says renegotiation DoS vulnerability, and it would be of great help if you explain how to implement HTTP NIO or BIO connector to handle this renegotiation issue. @Daniel Please find the connector tag of sever.xml Connector port=8443 SSLEnabled=true acceptCount=500 ciphers=Some cipher allowUnsafeLegacyRenegotiation=false maxThreads=5 scheme=https secure=false clientAuth=false sslProtocol=TLS keystoreFile=cert.key keystorePass=password / Any help wold be appreciated. Thanks and regards Deepak. From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 02/08/2013 08:44 PM Subject:Re: How to limit the number of renegotiations for a single TLS / SSL connection On 08/02/2013 14:28, dku...@ccilindia.co.in wrote: Hello All, We are using - Tomcat Version - 6.0.18 Operating System Version : HP-UX 11.31 SSL Version - OpenSSL 0.9.8k 25 Mar 2009 Port - 8443 By running the venerability assessment test we are getting the following observation The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Please suggest the recommended solution for tomcat To repeat what I have said privately on this topic: quote The Apache Tomcat security team has reviewed the available information for CVE-2011-1473 and has performed some testing of Apache Tomcat using one of the many tools that has be written to demonstrate this issue. Our conclusions are: - In terms of CPU usage there is not a large difference (same order of magnitude) between a client creating multiple HTTPS connections and a client creating a single HTTPS connection and repeatedly requesting renegotiation. This is consistent with the findings / opinions of the numerous SSL/TLS experts that have commented on this issue. - Repeated renegotiation attempts from a single client can be detected by a firewall. - Multiple connection attempts from a client are easier for a firewall to identify than multiple renegotiation requests. - Client renegotiation is not permitted by the HTTP APR/native connector. - It would be possible to add renegotiation rate limiting to the HTTP BIO and NIO connectors but there is not a clear-cut case for doing this. We would also draw your attention to the following text on the Apache Tomcat website security pages [1]: quote Note that all networked servers are subject to denial of service attacks, and we cannot promise magic workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs. /quote Further discussion of this issue, particularly the usefulness of adding renegotiation rate-limiting to the the HTTP BIO and NIO connectors, should take place on the public Tomcat users mailing list. Mark on behalf of the Apache Tomcat security team /quote With all the above in mind is there an argument for introducing renegotiation rate limiting for BIO and NIO? Or do we just say if you are bothered about CVE-2011-1473, use APR. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever
6.0.18, UNIX,
Hello to All, We are using - Tomcat Version - 6.0.18 Operating System Version : HP-UX 11.31 SSL Version - OpenSSL 0.9.8k 25 Mar 2009 Port - 8443 By running the venerability assessment test we are getting the following observation The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Please suggest the recommended solution for tomcat Thanks Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.
How to limit the number of renegotiations for a single TLS / SSL connection
Hello All, We are using - Tomcat Version - 6.0.18 Operating System Version : HP-UX 11.31 SSL Version - OpenSSL 0.9.8k 25 Mar 2009 Port - 8443 By running the venerability assessment test we are getting the following observation The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition. Please suggest the recommended solution for tomcat Thanks Regards Deepak Kumar Disclaimer and confidentiality clause - This message and any attachments relating to official business of CCIL OR ANY OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original addressee only. The message may contain information that is confidential and subject to legal privilege. Any views expressed in this message are those of the individual sender. If you have received this message in error, please notify the original sender immediately and destroy the message and copies thereof and any attachments contained in it . If you are not the intended recipient of this message, you are hereby notified that you must not disseminate, copy, use, distribute, or take any action in connection therewith. CCIL cannot ensure that the integrity of this communication has been maintained nor that it is free of errors, viruses, interception and/or interference. CCIL is not liable whatsoever for loss or damage resulting from the opening of this message and/or attachments and/or the use of the information contained in this message and/or attachments.