Unable to transfer file above 60mb in Tomcat

2022-05-02 Thread dkumar
Dear team,

I have a file copy application that runs between a Tomcat server and a Java 
client. It copies files from the server end and pastes them at the client end. 

At the server end the code is written in a Servlet file. It reads the file data 
and file name from the file, stores them in a String object and sends it to the 
client in the response. 
At server end we are creating the file using the above data and file name.
I have shared the code snippet below. 
-- Server end --
File fromFolderSec = new File("folder path");
File[] sendfile = fromFolderSec.listFiles();
File[] var28 = sendfile;
// java.util.List / java.util.ArrayList; both lists are used with add() and get() below
List<String> filesName = new ArrayList<>();
List<String> filesContent = new ArrayList<>();
File file = sendfile[0];
String currFileName = file.getName();
try {
    filesName.add(file.getName());
    FileInputStream fis = new FileInputStream(file);
    int arraysize = fis.available();
    StringBuffer sb = new StringBuffer();
    int i;
    // Reads the whole file into the StringBuffer, one byte at a time
    for (i = 0; i < arraysize; ++i) {
        sb.append((char) fis.read());
    }
    filesContent.add(sb.toString());
    fis.close();
} catch (StringIndexOutOfBoundsException var36) {
    System.out.println(" Exception occurred while sending file: Exc=" + var36.getMessage());
}

-- Client end --
File toFolderSec = new File("Folder path");
try {
    File ffile = null;
    File tempFolder = new File(toFolderSec.getPath());
    ffile = new File(toFolderSec.getPath() + "//" + currFileName);
    BufferedWriter bw = new BufferedWriter(new FileWriter(ffile));
    // Writes the received content back out as text
    String data = filesContent.get(0);
    bw.write(data);
    bw.flush();
    bw.close();
} catch (Exception var36) {
    System.out.println(" Exception  Exc=" + var36.getMessage());
}

---

This code was working fine on HPunix. Recently we migrated our server 
to IBM Linux1. After the migration the application gets stuck while sending 
files larger than 60mb. Below 60mb it works fine.

Some error files have been generated in the tomcat/bin folder. I am sharing 
the details of one of them below.
File name -- javacore.20220427.122826.201959.0012.txt 

1TISIGINFO Dump Event "systhrow" (0004) Detail "java/lang/OutOfMemoryError" "Java heap space" received

1CIUSERLIMITS  User Limits (in bytes except for NOFILE and NPROC)
NULL
NULL           type                soft limit   hard limit
2CIUSERLIMIT   RLIMIT_AS           unlimited    unlimited
2CIUSERLIMIT   RLIMIT_CORE         unlimited    unlimited
2CIUSERLIMIT   RLIMIT_CPU          unlimited    unlimited
2CIUSERLIMIT   RLIMIT_DATA         unlimited    unlimited
2CIUSERLIMIT   RLIMIT_FSIZE        unlimited    unlimited
2CIUSERLIMIT   RLIMIT_LOCKS        unlimited    unlimited
2CIUSERLIMIT   RLIMIT_MEMLOCK      65536        65536
2CIUSERLIMIT   RLIMIT_NOFILE       10240        10240
2CIUSERLIMIT   RLIMIT_NPROC        4096         180193
2CIUSERLIMIT   RLIMIT_RSS          unlimited    unlimited
2CIUSERLIMIT   RLIMIT_STACK        838860800    838860800
2CIUSERLIMIT   RLIMIT_MSGQUEUE     819200       819200
2CIUSERLIMIT   RLIMIT_NICE         0            0
2CIUSERLIMIT   RLIMIT_RTPRIO       0            0
2CIUSERLIMIT   RLIMIT_SIGPENDING   55347        55347

0SECTION   NATIVEMEMINFO subcomponent dump routine
NULL   =
0MEMUSER
1MEMUSER   JRE: 1,085,352,584 bytes / 20226 allocations
1MEMUSER   |
2MEMUSER   +--VM: 798,286,440 bytes / 16812 allocations
2MEMUSER   |  |
3MEMUSER   |  +--Classes: 30,652,464 bytes / 889 allocations
2MEMUSER   |  |
3MEMUSER   |  +--Memory Manager (GC): 549,215,240 bytes / 783 allocations
3MEMUSER   |  |  |
4MEMUSER   |  |  +--Java Heap: 536,932,352 bytes / 1 allocation
3MEMUSER   |  |  |
4MEMUSER   |  |  +--Other: 12,282,888 bytes / 782 allocations
2MEMUSER   |  |
3MEMUSER   |  +--Threads: 16,317,048 bytes / 257 allocations
3MEMUSER   |  |  |
4MEMUSER   |  |  +--Java Stack: 398,744 bytes / 35 allocations
3MEMUSER   |  |  |
4MEMUSER   |  |  +--Native Stack: 15,597,568 bytes / 36 allocations
3MEMUSER   |  |  |
4MEMUSER   |  |  +--Other: 320,736 bytes / 186 allocations
2MEMUSER   |  |
3MEMUSER   |  +--Trace: 730,496 bytes / 2948 allocations
2MEMUSER   |  |
3MEMUSER   |  +--JVMTI: 17,776 bytes / 13 allocations
2MEMUSER   
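
The loop posted in the message above builds the whole file in a StringBuffer before sending it, so memory use grows with the file size, and the client writes to a path built from the received file name. As an added example (not the poster's code; the class and method names are hypothetical), the following streams raw bytes through one fixed buffer and checks the received name before writing. It assumes the server side would pass the servlet response's output stream as `out`, and the client side the HTTP response body as `in`.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.Arrays;

// Added example (hypothetical class and method names, not the poster's code).
public class StreamingFileCopy {

    // One fixed buffer is reused for the whole transfer, so heap use does not
    // grow with file size (the posted loop grows a StringBuffer to the full file).
    private static final int BUFFER_SIZE = 8192;

    // Copies raw bytes from in to out and returns the number of bytes copied.
    // Assumption: on the server, out would be the servlet response's output
    // stream; on the client, in would be the HTTP response body stream.
    static long copy(InputStream in, OutputStream out) throws IOException {
        byte[] buffer = new byte[BUFFER_SIZE];
        long total = 0;
        int n;
        while ((n = in.read(buffer)) != -1) {
            out.write(buffer, 0, n);
            total += n;
        }
        out.flush();
        return total;
    }

    // Resolves a file name received from the other side inside baseDir and
    // rejects names such as "../x" or absolute paths that would land outside it.
    static Path resolveInside(Path baseDir, String fileName) throws IOException {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(fileName).normalize();
        if (target.equals(base) || !target.startsWith(base)) {
            throw new IOException("Rejected file name: " + fileName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path fromDir = Files.createTempDirectory("from");
        Path toDir = Files.createTempDirectory("to");

        // Constructed sample input: 1 MiB of binary data, including bytes above 0x7F.
        byte[] sample = new byte[1 << 20];
        for (int i = 0; i < sample.length; i++) {
            sample[i] = (byte) i;
        }
        Path source = fromDir.resolve("sample.bin");
        Files.write(source, sample);

        // Receiving side: validate the name, then stream to disk.
        Path target = resolveInside(toDir, source.getFileName().toString());
        long copied;
        try (InputStream in = Files.newInputStream(source);
             OutputStream out = Files.newOutputStream(target, StandardOpenOption.CREATE_NEW)) {
            copied = copy(in, out);
        }
        boolean identical = Arrays.equals(sample, Files.readAllBytes(target));
        System.out.println("copied " + copied + " bytes, identical=" + identical);

        // A name that tries to leave the destination folder is refused.
        try {
            resolveInside(toDir, "../outside.txt");
        } catch (IOException e) {
            System.out.println(e.getMessage());
        }
    }
}
```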

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
> I suggest you have a read here:
> https://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support
> The documentation covers the details you need to correctly configure Tomcat
> and SSL and links to a related page about SSL configuration.

> Notice the line:
> Each secure connector must define at least one *SSLHostConfig*. The names
> of the *SSLHostConfig* elements must be unique and one of them must match
> the defaultSSLHostConfigName attribute of the *Connector*.
Thank you all
Issue has been resolved after configuring SSLHostConfig


On Tue, Mar 16, 2021 at 12:42 PM  wrote:

> > If you look at the stack trace, it tells you what the problem is:
>
> >  Caused by: java.lang.IllegalArgumentException: No SSLHostConfig
> > element was found with the hostName [_default_] to match the
> > defaultSSLHostConfigName for the connector [https-openssl-nio-8443]
>
> > So it no longer looks like you are hitting a port in use issue.
> Please suggest what configuration needs to be done to remove this error. It
> will be very helpful for us.
>
>
> On Tue, Mar 16, 2021 at 12:01 PM  wrote:
>
> > > Please provide full stacktrace
> > Please find the full catalina log; I have already shared server.xml in
> > the trail mail
> >
> > 16-Mar-2021 21:26:54.263 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property 
[compressableMimeType]
> > to
> >
> >
>
> 
[text/html,text/xml,text/javascript,application/x-javascript,application/javascript]
> > 16-Mar-2021 21:26:54.269 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property [clientAuth] to
> [false]
> > 16-Mar-2021 21:26:54.270 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property [sslProtocol] to 
[TLS]
> > 16-Mar-2021 21:26:54.270 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property 
[sslEnabledProtocols]
> to
> > [TLSv1.2,TLSv1.1]
> > 16-Mar-2021 21:26:54.270 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property
> > [allowUnsafeLegacyRenegotiation] to [false]
> > 16-Mar-2021 21:26:54.270 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property [ciphers] to
> > [TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA]
> > 16-Mar-2021 21:26:54.271 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property [keystoreFile] to
> > [/conf/eNotice.key]
> > 16-Mar-2021 21:26:54.272 WARNING [main]
> > org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> > [Server/Service/Connector] failed to set property [keystorePass] to
> > [eNotice@1]
> > 16-Mar-2021 21:26:54.306 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log Server version
> name:
> >   Apache Tomcat/10.0.4
> > 16-Mar-2021 21:26:54.307 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log Server built: 
Mar
> > 5 2021 11:07:15 UTC
> > 16-Mar-2021 21:26:54.307 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log Server version
> > number: 10.0.4.0
> > 16-Mar-2021 21:26:54.307 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows
> > 10
> > 16-Mar-2021 21:26:54.307 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log OS Version: 10.0
> > 16-Mar-2021 21:26:54.308 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log Architecture: 
x86
> > 16-Mar-2021 21:26:54.308 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log Java Home:
> > C:\Program Files (x86)\Java\jdk1.8.0_271\jre
> > 16-Mar-2021 21:26:54.308 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
> > 1.8.0_271-b09
> > 16-Mar-2021 21:26:54.308 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: 
Oracle
> > Corporation
> > 16-Mar-2021 21:26:54.309 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
> > D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
> > 16-Mar-2021 21:26:54.309 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
> > D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
> > 16-Mar-2021 21:26:54.310 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log Command line
> > argument:
> >
> >
>
> 
-Djava.util.logging.config.file=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\conf\logging.properties
> > 16-Mar-2021 21:26:54.310 INFO [main]
> > org.apache.catalina.startup.VersionLoggerListener.log Command line
> > argument:
> > -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> > 16-Mar-2021 21:26:54.311 INFO [main]
> > 
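
The "failed to set property" warnings and the "No SSLHostConfig element was found" exception quoted in this thread both come from TLS attributes being set directly on the Connector; in Tomcat 10 they belong on nested SSLHostConfig and Certificate elements, which is the fix reported above. An added example of such a connector follows (not the poster's actual server.xml). It assumes an RSA key, keeps only TLSv1.2 and uses ECDHE/GCM cipher suites in place of the TLSv1.1 and CBC suites in the posted configuration.

```xml
<!-- Added example, not the poster's server.xml. Port, keystore file name and
     password are the sanitised values quoted in the thread. -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true" maxThreads="150"
           defaultSSLHostConfigName="_default_">

    <!-- hostName must match defaultSSLHostConfigName above; "_default_" is
         the value named in the exception.
         Old Connector attributes and their replacements here:
           sslEnabledProtocols  => protocols
           clientAuth="false"   => certificateVerification="none"
           ciphers              => ciphers -->
    <SSLHostConfig hostName="_default_"
                   protocols="TLSv1.2"
                   certificateVerification="none"
                   ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384">

        <!-- keystoreFile => certificateKeystoreFile
             keystorePass => certificateKeystorePassword
             A relative path is resolved against CATALINA_BASE. -->
        <Certificate certificateKeystoreFile="conf/abc.key"
                     certificateKeystorePassword="changeit"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

The same log also rejects `compressableMimeType`; the attribute is spelled `compressibleMimeType` in Tomcat 10.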

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
> If you look at the stack trace, it tells you what the problem is:

>  Caused by: java.lang.IllegalArgumentException: No SSLHostConfig
> element was found with the hostName [_default_] to match the
> defaultSSLHostConfigName for the connector [https-openssl-nio-8443]

> So it no longer looks like you are hitting a port in use issue.
Please suggest what configuration needs to be done to remove this error. It 
will be very helpful for us. 


On Tue, Mar 16, 2021 at 12:01 PM  wrote:

> > Please provide full stacktrace
> Please find the full catalina log; I have already shared server.xml in
> the trail mail
>
> 16-Mar-2021 21:26:54.263 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [compressableMimeType]
> to
>
> 
[text/html,text/xml,text/javascript,application/x-javascript,application/javascript]
> 16-Mar-2021 21:26:54.269 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [clientAuth] to 
[false]
> 16-Mar-2021 21:26:54.270 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
> 16-Mar-2021 21:26:54.270 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [sslEnabledProtocols] 
to
> [TLSv1.2,TLSv1.1]
> 16-Mar-2021 21:26:54.270 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property
> [allowUnsafeLegacyRenegotiation] to [false]
> 16-Mar-2021 21:26:54.270 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [ciphers] to
> [TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA]
> 16-Mar-2021 21:26:54.271 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [keystoreFile] to
> [/conf/eNotice.key]
> 16-Mar-2021 21:26:54.272 WARNING [main]
> org.apache.tomcat.util.digester.SetPropertiesRule.begin Match
> [Server/Service/Connector] failed to set property [keystorePass] to
> [eNotice@1]
> 16-Mar-2021 21:26:54.306 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server version 
name:
>   Apache Tomcat/10.0.4
> 16-Mar-2021 21:26:54.307 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server built: Mar
> 5 2021 11:07:15 UTC
> 16-Mar-2021 21:26:54.307 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Server version
> number: 10.0.4.0
> 16-Mar-2021 21:26:54.307 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Name:   Windows
> 10
> 16-Mar-2021 21:26:54.307 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log OS Version:   10.0
> 16-Mar-2021 21:26:54.308 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Architecture: x86
> 16-Mar-2021 21:26:54.308 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Java Home:
> C:\Program Files (x86)\Java\jdk1.8.0_271\jre
> 16-Mar-2021 21:26:54.308 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Version:
> 1.8.0_271-b09
> 16-Mar-2021 21:26:54.308 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle
> Corporation
> 16-Mar-2021 21:26:54.309 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:
> D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
> 16-Mar-2021 21:26:54.309 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:
> D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
> 16-Mar-2021 21:26:54.310 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument:
>
> 
-Djava.util.logging.config.file=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\conf\logging.properties
> 16-Mar-2021 21:26:54.310 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument:
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> 16-Mar-2021 21:26:54.311 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djdk.tls.ephemeralDHKeySize=2048
> 16-Mar-2021 21:26:54.311 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
> 16-Mar-2021 21:26:54.311 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Dignore.endorsed.dirs=
> 16-Mar-2021 21:26:54.312 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: 
-Dcatalina.base=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
> 16-Mar-2021 21:26:54.312 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: 

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
> Please provide full stacktrace
Please find the full catalina log; I have already shared server.xml in the 
trail mail 

16-Mar-2021 21:26:54.263 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property [compressableMimeType] 
to 
[text/html,text/xml,text/javascript,application/x-javascript,application/javascript]
16-Mar-2021 21:26:54.269 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property [clientAuth] to [false]
16-Mar-2021 21:26:54.270 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property [sslProtocol] to [TLS]
16-Mar-2021 21:26:54.270 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property [sslEnabledProtocols] to 
[TLSv1.2,TLSv1.1]
16-Mar-2021 21:26:54.270 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property 
[allowUnsafeLegacyRenegotiation] to [false]
16-Mar-2021 21:26:54.270 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property [ciphers] to 
[TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA]
16-Mar-2021 21:26:54.271 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property [keystoreFile] to 
[/conf/eNotice.key]
16-Mar-2021 21:26:54.272 WARNING [main] 
org.apache.tomcat.util.digester.SetPropertiesRule.begin Match 
[Server/Service/Connector] failed to set property [keystorePass] to 
[eNotice@1]
16-Mar-2021 21:26:54.306 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server version name: 
  Apache Tomcat/10.0.4
16-Mar-2021 21:26:54.307 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server built:   Mar 
5 2021 11:07:15 UTC
16-Mar-2021 21:26:54.307 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Server version 
number: 10.0.4.0
16-Mar-2021 21:26:54.307 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Name:   Windows 
10
16-Mar-2021 21:26:54.307 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log OS Version:   10.0
16-Mar-2021 21:26:54.308 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Architecture:   x86
16-Mar-2021 21:26:54.308 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Java Home:  
C:\Program Files (x86)\Java\jdk1.8.0_271\jre
16-Mar-2021 21:26:54.308 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Version:  
1.8.0_271-b09
16-Mar-2021 21:26:54.308 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:   Oracle 
Corporation
16-Mar-2021 21:26:54.309 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:  
D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
16-Mar-2021 21:26:54.309 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:  
D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
16-Mar-2021 21:26:54.310 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: 
-Djava.util.logging.config.file=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\conf\logging.properties
16-Mar-2021 21:26:54.310 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
16-Mar-2021 21:26:54.311 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djdk.tls.ephemeralDHKeySize=2048
16-Mar-2021 21:26:54.311 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
16-Mar-2021 21:26:54.311 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Dignore.endorsed.dirs=
16-Mar-2021 21:26:54.312 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Dcatalina.base=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
16-Mar-2021 21:26:54.312 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: -Dcatalina.home=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4
16-Mar-2021 21:26:54.312 INFO [main] 
org.apache.catalina.startup.VersionLoggerListener.log Command line 
argument: 
-Djava.io.tmpdir=D:\apache-tomcat-10.0.4_bk\apache-tomcat-10.0.4\temp
16-Mar-2021 21:26:54.348 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache 
Tomcat Native library [1.2.26] using APR version [1.7.0].
16-Mar-2021 21:26:54.348 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR 
capabilities: IPv6 [true], sendfile [true], accept filters [false], random 
[true], UDS [true].
16-Mar-2021 

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
>> Your more recent exception log didn't include the "caused by" exception --
>> which is the actual failure details. Double-check that and make sure it's
>> the same issue.
>>
>> Also, use netstat to confirm you aren't using the ports already. Changing
>> it may just find another conflict (although less likely). The first error
>> was quite clear about the port being unavailable.
>>
>> How are you starting Tomcat? Are you somehow starting it twice?
> I start Tomcat by clicking on the batch file. I have changed port 80 to 81;
> please find both logs below. I am unable to find any port (80, 81, 443) in
> netstat. Please suggest what I am doing wrong
>
> Old log with port 80 and 443
> 16-Mar-2021 16:45:44.410 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1i  8 Dec 2020]
> 16-Mar-2021 16:45:44.704 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-80"]
> 16-Mar-2021 16:45:44.716 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component [Connector[null-80]]
>  org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
>  at
> 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
>  at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>  at
> 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
>  at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>
> New log with change port 81 and 443
> 16-Mar-2021 20:16:06.094 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1i  8 Dec 2020]
> 16-Mar-2021 20:16:06.380 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-81"]
> 16-Mar-2021 20:16:06.411 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio-443"]
> 16-Mar-2021 20:16:06.413 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component
> [Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
>  org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
>  at
> 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
>  at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>  at
> 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
>  at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>
> On Tue, Mar 16, 2021 at 9:38 AM  wrote:
>
>>> Deepak,
>>> You already have some service listening on port 80 (IIS maybe?)
>>>
>>>
>>> from mobile (sorry for typos ;)
>>>
>>> We have changed the port still getting same error
>>> Maybe you have the same port configured twice in your conf/server.xml?
>>> Please post *all*  elements from your conf/server.xml file,
>>> being careful to remove any secrets from your configuration.
>> -chris
>> please find conf/server.xml file
>>
>> 
>> 
>> className="org.apache.catalina.startup.VersionLoggerListener"
>> />
>>> SSLEngine="on" />
>>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> />
>>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> />
>>
>>  >type="org.apache.catalina.UserDatabase"
>>description="User database that can be updated and 
saved"
>>   factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>pathname="conf/tomcat-users.xml" />
>>
>>
>>  > maxThreads="150" minSpareThreads="25"
>> enableLookups="false" redirectPort="445" acceptCount="100"
>> connectionTimeout="302000"
> disableUploadTimeout="true"
>> compression="on" compressionMinSize="2048"
>> noCompressionUserAgents="gozilla, traviata"
>>
> 
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript"
>>   server=" " />
>>   ="org.apache.coyote.http11.Http11NioProtocol"
>> port="445" maxHttpHeaderSize="8192" maxThreads="150"
>>  minSpareThreads="25"
> enableLookups="false"
>> disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure="true"
>>  clientAuth="false" sslProtocol="TLS"
>> sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true"
>> allowUnsafeLegacyRenegotiation="false"
>> ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
>>  keystoreFile="/conf/abc.key"
>> keystorePass="changeit" server=" " />
>>  
>>
>>  >   

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
> Your more recent exception log didn't include the "caused by" exception --
> which is the actual failure details. Double-check that and make sure it's
> the same issue.
>
> Also, use netstat to confirm you aren't using the ports already. Changing
> it may just find another conflict (although less likely). The first error
> was quite clear about the port being unavailable.
>
> How are you starting Tomcat? Are you somehow starting it twice?

I start Tomcat by clicking on the batch file. I have changed port 80 to 81; 
please find both logs below. I am unable to find any port (80, 81, 443) in 
netstat. Please suggest what I am doing wrong 

Old log with port 80 and 443
16-Mar-2021 16:45:44.410 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL 
successfully initialized [OpenSSL 1.1.1i  8 Dec 2020]
16-Mar-2021 16:45:44.704 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler 
["http-nio-80"]
16-Mar-2021 16:45:44.716 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component [Connector[null-80]]
org.apache.catalina.LifecycleException: Protocol handler 
initialization failed
at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)

New log with change port 81 and 443
16-Mar-2021 20:16:06.094 INFO [main] 
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL 
successfully initialized [OpenSSL 1.1.1i  8 Dec 2020]
16-Mar-2021 20:16:06.380 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler 
["http-nio-81"]
16-Mar-2021 20:16:06.411 INFO [main] 
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler 
["https-openssl-nio-443"]
16-Mar-2021 20:16:06.413 SEVERE [main] 
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to 
initialize component 
[Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
org.apache.catalina.LifecycleException: Protocol handler 
initialization failed
at 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
at 
org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)

On Tue, Mar 16, 2021 at 9:38 AM  wrote:

> > Deepak,
> > You already have some service listening on port 80 (IIS maybe?)
> >
> >
> > from mobile (sorry for typos ;)
> >
> > We have changed the port still getting same error
>
> > Maybe you have the same port configured twice in your conf/server.xml?
>
> > Please post *all*  elements from your conf/server.xml file,
> > being careful to remove any secrets from your configuration.
>
> -chris
> please find conf/server.xml file
>
> 
> 
>/>
>SSLEngine="on" />
>className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" 
/>
>className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" 
/>
>   
>type="org.apache.catalina.UserDatabase"
>   description="User database that can be updated and saved"
>  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>   pathname="conf/tomcat-users.xml" />
>   
>   
> maxThreads="150" minSpareThreads="25"
> enableLookups="false" redirectPort="445" acceptCount="100"
>connectionTimeout="302000" 
disableUploadTimeout="true"
> compression="on" compressionMinSize="2048"
> noCompressionUserAgents="gozilla, traviata"
> 
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript"
>
>  server=" " />
>  port="445" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" 
enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https" 
secure="true"
> clientAuth="false" sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true"
> allowUnsafeLegacyRenegotiation="false"
>  ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
> keystoreFile="/conf/abc.key"
> keystorePass="changeit" server=" " />
> 
>   
> resourceName="UserDatabase"/>
>   
>unpackWARs="true" autoDeploy="true">
>  directory="logs"
>prefix="localhost_access_log" suffix=".txt"
>pattern="%h %l %u %t %r %s %b" />
>   
> 
>   
> 
>
> > 

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
> Deepak,
> You already have some service listening on port 80 (IIS maybe?)
> 
> 
> from mobile (sorry for typos ;)
> 
> We have changed the port still getting same error

> Maybe you have the same port configured twice in your conf/server.xml?

> Please post *all*  elements from your conf/server.xml file, 
> being careful to remove any secrets from your configuration.

-chris
Please find the conf/server.xml file.

> 16-Mar-2021 18:09:38.299 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-81"]
> 16-Mar-2021 18:09:38.363 INFO [main]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["https-openssl-nio-445"]
> 16-Mar-2021 18:09:38.364 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component
> [Connector[org.apache.coyote.http11.Http11NioProtocol-445]]
>  org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
>  at
> 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
> 
> On Tue, Mar 16, 2021, 18:36  wrote:
> 
>> Dear All,
>>
>> Unable to start tomcat 10.0.4 and getting error Failed to initialize
>> component.
>> /conf/server.xml configuration as below.
>>
>>  > minSpareThreads="25" enableLookups="false" redirectPort="443"
>> acceptCount="100"
>> connectionTimeout="302000"
> disableUploadTimeout="true"
>> compression="on" compressionMinSize="2048"
>> noCompressionUserAgents="gozilla, traviata"
>>
>>
> 
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript"
>>
>>   server=" " />
>>
>>   ="org.apache.coyote.http11.Http11NioProtocol"
>> port="443" maxHttpHeaderSize="8192" maxThreads="150"
>>  minSpareThreads="25"
> enableLookups="false"
>> disableUploadTimeout="true" acceptCount="100" scheme="https"
> secure="true"
>>  clientAuth="false" sslProtocol="TLS"
>> sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true"
>> allowUnsafeLegacyRenegotiation="false"
>> ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
>>  keystoreFile="/conf/abc.key"
>> keystorePass="changeit" server=" " />
>>
>>
>> Getting below error in catalina log
>>
>> Server version name:   Apache Tomcat/10.0.4
>> Server built:  Mar 5 2021 11:07:15 UTC
>> Server version number: 10.0.4.0
>> OS Name:   Windows 10
>> OS Version:10.0
>> Architecture:  x86
>> Java Home: C:\Program Files (x86)\Java\jdk1.8.0_271\jre
>> JVM Version:   1.8.0_271-b09
>> JVM Vendor:Oracle Corporation
>> CATALINA_BASE: D:\apache-tomcat-10.0.4
>> CATALINA_HOME: D:\apache-tomcat-10.0.4
>> Command line argument:
>>
>>
> 
-Djava.util.logging.config.file=D:\apache-tomcat-10.0.4\conf\logging.properties
>> Command line argument:
>> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
>> Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
>> Command line argument:
>> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
>> Command line argument: -Dignore.endorsed.dirs=
>> Command line argument: -Dcatalina.base=D:\apache-tomcat-10.0.4
>> Command line argument: -Dcatalina.home=D:\apache-tomcat-10.0.4
>> Command line argument: -Djava.io.tmpdir=D:\apache-tomcat-10.0.4\temp
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
> Apache
>> Tomcat Native library [1.2.26] using APR version [1.7.0].
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
>> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random
>> [true], UDS [true].
>> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
>> successfully initialized [OpenSSL 1.1.1i  8 Dec 2020]
>> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
>> ["http-nio-80"]
>> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed 
to
>> initialize component [Connector[null-80]]
>>  org.apache.catalina.LifecycleException: Protocol handler
>> initialization failed
>>  at
>>
> 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
>>  at
>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>>  at
>>
>>
> 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
>>  at
>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>>  at
>>
>>
> 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
>>  at
>> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
>>  at
>> 

Re: Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
You already have some service listening on port 80 (IIS maybe?)


from mobile (sorry for typos ;)

We have changed the port still getting same error

16-Mar-2021 18:09:38.299 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-81"]
16-Mar-2021 18:09:38.363 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-445"]
16-Mar-2021 18:09:38.364 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-445]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)

On Tue, Mar 16, 2021, 18:36  wrote:

> Dear All,
>
> Unable to start tomcat 10.0.4 and getting error Failed to initialize
> component.
> /conf/server.xml configuration as below.
>
>  minSpareThreads="25" enableLookups="false" redirectPort="443"
> acceptCount="100"
>connectionTimeout="302000" 
disableUploadTimeout="true"
> compression="on" compressionMinSize="2048"
> noCompressionUserAgents="gozilla, traviata"
>
> 
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,application/javascript"
>
>  server=" " />
>
>  port="443" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" 
enableLookups="false"
> disableUploadTimeout="true" acceptCount="100" scheme="https" 
secure="true"
> clientAuth="false" sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true"
> allowUnsafeLegacyRenegotiation="false"
>  ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
> keystoreFile="/conf/abc.key"
> keystorePass="changeit" server=" " />
>
>
> Getting below error in catalina log
>
> Server version name:   Apache Tomcat/10.0.4
> Server built:  Mar 5 2021 11:07:15 UTC
> Server version number: 10.0.4.0
> OS Name:   Windows 10
> OS Version:10.0
> Architecture:  x86
> Java Home: C:\Program Files (x86)\Java\jdk1.8.0_271\jre
> JVM Version:   1.8.0_271-b09
> JVM Vendor:Oracle Corporation
> CATALINA_BASE: D:\apache-tomcat-10.0.4
> CATALINA_HOME: D:\apache-tomcat-10.0.4
> Command line argument:
>
> 
-Djava.util.logging.config.file=D:\apache-tomcat-10.0.4\conf\logging.properties
> Command line argument:
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
> Command line argument:
> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
> Command line argument: -Dignore.endorsed.dirs=
> Command line argument: -Dcatalina.base=D:\apache-tomcat-10.0.4
> Command line argument: -Dcatalina.home=D:\apache-tomcat-10.0.4
> Command line argument: -Djava.io.tmpdir=D:\apache-tomcat-10.0.4\temp
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded 
Apache
> Tomcat Native library [1.2.26] using APR version [1.7.0].
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false], 
random
> [true], UDS [true].
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.1.1i  8 Dec 2020]
> org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
> ["http-nio-80"]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component [Connector[null-80]]
> org.apache.catalina.LifecycleException: Protocol handler
> initialization failed
> at
> 
org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
>
> 
org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
>
> 
org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
> at
> org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:747)
> at
> org.apache.catalina.startup.Catalina.load(Catalina.java:769)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method)
> at
>
> 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
>
> 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at
> org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
>   

Unable to start Tomcat 10.0.4

2021-03-16 Thread dkumar
Dear All,

Unable to start tomcat 10.0.4 and getting error Failed to initialize 
component.
/conf/server.xml configuration as below. 






Getting below error in catalina log

Server version name:   Apache Tomcat/10.0.4
Server built:  Mar 5 2021 11:07:15 UTC
Server version number: 10.0.4.0
OS Name:   Windows 10
OS Version:10.0
Architecture:  x86
Java Home: C:\Program Files (x86)\Java\jdk1.8.0_271\jre
JVM Version:   1.8.0_271-b09
JVM Vendor:Oracle Corporation
CATALINA_BASE: D:\apache-tomcat-10.0.4
CATALINA_HOME: D:\apache-tomcat-10.0.4
Command line argument: -Djava.util.logging.config.file=D:\apache-tomcat-10.0.4\conf\logging.properties
Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
Command line argument: -Dignore.endorsed.dirs=
Command line argument: -Dcatalina.base=D:\apache-tomcat-10.0.4
Command line argument: -Dcatalina.home=D:\apache-tomcat-10.0.4
Command line argument: -Djava.io.tmpdir=D:\apache-tomcat-10.0.4\temp
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.26] using APR version [1.7.0].
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1i  8 Dec 2020]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-80"]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[null-80]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1045)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:747)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:769)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
Caused by: java.net.BindException: Address already in use: bind
    at sun.nio.ch.Net.bind0(Native Method)
    at sun.nio.ch.Net.bind(Net.java:444)
    at sun.nio.ch.Net.bind(Net.java:436)
    at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:225)
    at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:243)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:198)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1175)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1188)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:580)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:82)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1052)
    ... 13 more
16-Mar-2021 16:45:44.717 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["https-openssl-nio-443"]
16-Mar-2021 16:45:44.723 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11NioProtocol-443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:1055)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:558)

Thanks & Regards
Deepak Kumar


RE: Error parsing HTTP request header

2020-02-26 Thread dkumar
May I know the tomcat version please.

- It is apache-tomcat-8.0.41
-Original Message-
From: dku...@ccilindia.co.in [mailto:dku...@ccilindia.co.in] 
Sent: 26 February 2020 19:01
To: 'Tomcat Users List'
Subject: Error parsing HTTP request header

Dear Team,

We are getting below error in catalina log while starting the tomcat.

26-Feb-2020 18:57:36.795 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 21520 ms
26-Feb-2020 18:57:38.277 INFO [http-nio-443-exec-11] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:283)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1017)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1524)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

Will this impact any performance of our tomcat.

Thanks & Regards
Deepak Kumar
CCIL - IT
022-61546230
CIN of CCIL- U65990MH2001PLC131804

"Disclaimer and confidentiality clause -
 This message and any attachments relating to official business of CCIL OR ANY 
OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original 
addressee only.
The message may contain information that is confidential and subject to legal 
privilege. 
Any views expressed in this message are those of the individual sender. 
If you have received this message in error, please notify the original sender 
immediately and destroy the message and copies thereof and any attachments 
contained in it .
 If you are not the intended recipient of this message, you are hereby notified 
that you must not disseminate, copy, use, distribute, or take any action in 
connection therewith. 
 CCIL cannot ensure that the integrity of this communication has been 
maintained nor that it is free of errors, viruses, interception and/or 
interference. 
CCIL is not liable whatsoever for loss or damage resulting from the opening of 
this message and/or attachments and/or the use of the information contained in 
this message and/or attachments."


Error parsing HTTP request header

2020-02-26 Thread dkumar
Dear Team,

We are getting below error in catalina log while starting the tomcat.

26-Feb-2020 18:57:36.795 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 21520 ms
26-Feb-2020 18:57:38.277 INFO [http-nio-443-exec-11] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:283)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1017)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1524)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)

Will this impact any performance of our tomcat.

Thanks & Regards
Deepak Kumar
CCIL - IT
022-61546230
CIN of CCIL- U65990MH2001PLC131804


Re: Unable to start tomcat

2020-02-25 Thread dkumar
Dear Jason,

Thank you for the link. As per the link below, I have started our Windows 
Server and the problem has been resolved. We are able to start our tomcat. 
But my worry is that I am unable to find out the root cause of the problem, 
and how to handle it in future. 
Do we have any way to monitor buffer space or queue size, or do we have any 
other way to free buffer space or queue size without starting the Windows 
server?
---
have you try google?
https://stackoverflow.com/questions/4415175/an-operation-on-a-socket-could-not-be-performed-because-the-system-lacked-suffi


On Wed, Feb 26, 2020 at 2:47 PM  wrote:
>
> Dear Jason,
>
> Thank for your reply. I am unable to understand below hint. Will you
> please help me out. What action should I take to start my tomcat. And 
how
> I can see my buffer space or queue size.
>
> --
> This looks informative and should give u hint and where you should
> begin troubleshooting.
>
> org.apache.tomcat.jni.Error: 730055: An operation on a socket could not
> be performed because the system lacked sufficient buffer space or 
because
> a queue was full.
>
> On Wed, Feb 26, 2020 at 2:30 PM  wrote:
> >
> > Dear Team
> >
> > I have updated JRE from jre1.8.0_25 to jre1.8.0_211 on my window 
server
> > 2012. and My tomcat version is apache-tomcat-8.0.41.
> > It was running fine last 6 hours but now I am getting error while
> stating
> > the tomcat
> >
> > 26-Feb-2020 11:22:23.600 SEVERE [main]
> > org.apache.tomcat.util.net.AprEndpoint.allocatePoller Poller creation
> > failed
> >  org.apache.tomcat.jni.Error: 730055: An operation on a socket could 
not
> > be performed because the system lacked sufficient buffer space or
> because
> > a queue was full.
> > at org.apache.tomcat.jni.Poll.create(Native Method)
> > at
> >
> 
org.apache.tomcat.util.net.AprEndpoint.allocatePoller(AprEndpoint.java:881)
> > at
> >
> 
org.apache.tomcat.util.net.AprEndpoint$Poller.init(AprEndpoint.java:1431)
> > at
> >
> 
org.apache.tomcat.util.net.AprEndpoint.startInternal(AprEndpoint.java:707)
> > at
> >
> 
org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:828)
> > at
> > org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:491)
> > at
> >
> 
org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
> > at
> > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> > at
> >
> 
org.apache.catalina.core.StandardService.startInternal(StandardService.java:459)
> > at
> > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> > at
> >
> 
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:789)
> > at
> > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> > at 
org.apache.catalina.startup.Catalina.start(Catalina.java:629)
> > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> > at
> >
> 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> > at
> >
> 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:483)
> > at
> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351)
> > at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485)
> >
> > Please suggest .
> >
> > Thanks & Regards
> > Deepak Kumar
> > CCIL - IT
> > 022-61546230
> > CIN of CCIL- U65990MH2001PLC131804






Re: Unable to start tomcat

2020-02-25 Thread dkumar
Dear Jason,

Thanks for your reply. I am unable to understand the hint below. Will you 
please help me out? What action should I take to start my tomcat? And how 
can I see my buffer space or queue size?

--
This looks informative and should give u hint and where you should
begin troubleshooting.

org.apache.tomcat.jni.Error: 730055: An operation on a socket could not
be performed because the system lacked sufficient buffer space or because
a queue was full.

On Wed, Feb 26, 2020 at 2:30 PM  wrote:
>
> Dear Team
>
> I have updated JRE from jre1.8.0_25 to jre1.8.0_211 on my window server
> 2012. and My tomcat version is apache-tomcat-8.0.41.
> It was running fine last 6 hours but now I am getting error while 
stating
> the tomcat
>
> 26-Feb-2020 11:22:23.600 SEVERE [main]
> org.apache.tomcat.util.net.AprEndpoint.allocatePoller Poller creation
> failed
>  org.apache.tomcat.jni.Error: 730055: An operation on a socket could not
> be performed because the system lacked sufficient buffer space or 
because
> a queue was full.
> at org.apache.tomcat.jni.Poll.create(Native Method)
> at
> 
org.apache.tomcat.util.net.AprEndpoint.allocatePoller(AprEndpoint.java:881)
> at
> 
org.apache.tomcat.util.net.AprEndpoint$Poller.init(AprEndpoint.java:1431)
> at
> 
org.apache.tomcat.util.net.AprEndpoint.startInternal(AprEndpoint.java:707)
> at
> 
org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:828)
> at
> org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:491)
> at
> 
org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> at
> 
org.apache.catalina.core.StandardService.startInternal(StandardService.java:459)
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> at
> 
org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:789)
> at
> org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:629)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:483)
> at 
org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351)
> at 
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485)
>
> Please suggest .
>
> Thanks & Regards
> Deepak Kumar
> CCIL - IT
> 022-61546230
> CIN of CCIL- U65990MH2001PLC131804

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




Unable to start tomcat

2020-02-25 Thread dkumar
Dear Team

I have updated the JRE from jre1.8.0_25 to jre1.8.0_211 on my Windows Server 
2012, and my tomcat version is apache-tomcat-8.0.41.
It was running fine for the last 6 hours, but now I am getting an error while 
starting the tomcat:

26-Feb-2020 11:22:23.600 SEVERE [main] org.apache.tomcat.util.net.AprEndpoint.allocatePoller Poller creation failed
 org.apache.tomcat.jni.Error: 730055: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
    at org.apache.tomcat.jni.Poll.create(Native Method)
    at org.apache.tomcat.util.net.AprEndpoint.allocatePoller(AprEndpoint.java:881)
    at org.apache.tomcat.util.net.AprEndpoint$Poller.init(AprEndpoint.java:1431)
    at org.apache.tomcat.util.net.AprEndpoint.startInternal(AprEndpoint.java:707)
    at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:828)
    at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:491)
    at org.apache.catalina.connector.Connector.startInternal(Connector.java:986)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
    at org.apache.catalina.core.StandardService.startInternal(StandardService.java:459)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
    at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:789)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:629)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:483)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485)

Please suggest .

Thanks & Regards
Deepak Kumar
CCIL - IT
022-61546230
CIN of CCIL- U65990MH2001PLC131804


RE: Appscan Issues

2016-04-10 Thread dkumar
Dear Amith,





Thanks... I will be more detailed.
We don't use Apache HTTPD or nginx. It's just tomcat7. Below is my 
connector configuration.

  



Regards,
Amith

Can you use sslEnabledProtocols="TLSv1.2,TLSv1.1" SSLEnabled="true" in 
connector tag as below.
  

Thanks and Regards
Deepak

-Original Message-
From: Olaf Kock [mailto:tom...@olafkock.de] 
Sent: Friday, April 08, 2016 9:29 AM
To: users@tomcat.apache.org
Subject: Re: Appscan Issues



On 08.04.2016 at 15:17, Kikkeri, Amith wrote:
> Hi,
> Appscan was performed on our application and 2 issues were encountered. 
Could anyone please let me know how to resolve these issues ? We use 
tomcat7.
>
> Browser Exploit Against SSL/TLS (a.k.a. BEAST)
> RC4 cipher suites were detected
> (Remove support of SSLv3/TLS1.0 cipher suites with CBC.)
Sure. Remove SSL support.

Seriously: With the level of information that you give, what's the level 
of detail that you expect back?

Are you using tomcat only? Do you front it with Apache httpd? nginx? Any 
loadbalancer or SSL-Terminator (pardon the use of SSL here)? If you only 
have tomcat, what's the configuration of your https connector? Which of 
the options that are documented in the connector's documentation (
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support or 
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html among others) do 
you need help with?

Olaf

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
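
The two AppScan findings in this thread (RC4 suites, and CBC suites reachable over SSLv3/TLS 1.0) can be checked offline against a connector definition. The Python sketch below is an added example, not code from the thread or from Tomcat; the sample server.xml is constructed, and the function names and finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol versions in which CBC cipher suites are exposed to BEAST.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0"}

# Constructed sample (not taken from the thread). Port 8443 reproduces the
# conditions AppScan reported, port 9443 uses the sslEnabledProtocols value
# suggested in the reply, port 10443 leaves both lists to the JVM defaults.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2,TLSv1.1"
               ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"/>
    <Connector port="10443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>
"""


def split_csv(value):
    """Split a comma-separated attribute value, dropping blanks."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_connector(conn):
    """Return (port, finding) tuples for one <Connector> element."""
    if conn.get("SSLEnabled", "false").lower() != "true":
        return []  # plain HTTP connector, nothing to check here
    port = conn.get("port", "?")
    protocols = split_csv(conn.get("sslEnabledProtocols"))
    ciphers = split_csv(conn.get("ciphers"))
    findings = []
    # Without an explicit list the effective set depends on the JVM in use,
    # so the file alone cannot show whether the scanner finding is fixed.
    if not protocols:
        findings.append((port, "protocols-not-pinned"))
    if not ciphers:
        findings.append((port, "ciphers-not-pinned"))
    legacy = [p for p in protocols if p in LEGACY_PROTOCOLS]
    findings += [(port, "legacy-protocol:" + p) for p in legacy]
    findings += [(port, "rc4-cipher:" + c) for c in ciphers if "_RC4_" in c]
    # BEAST needs both: a CBC suite and a protocol version of TLS 1.0 or older.
    if legacy and any("_CBC_" in c for c in ciphers):
        findings.append((port, "beast-cbc-on-legacy-protocol"))
    return findings


def audit_server_xml(text):
    """Audit every <Connector> in a server.xml document given as a string."""
    root = ET.fromstring(text)
    findings = []
    for conn in root.iter("Connector"):
        findings.extend(audit_connector(conn))
    return findings


if __name__ == "__main__":
    for port, finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(port, finding)
```

The check covers only the two conditions named in the scan report; a connector that passes it can still carry other settings worth reviewing.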







RE: HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-09 Thread dkumar
Dear Harrie,

We have already implemented the said configuration of filter. 

Still we are unable to implement HSTS. 
This configuration works absolutely fine on tomcat running on 
windows, but in the case of unix we aren't able to achieve HSTS. 

Below are the steps followed by us:

We have downloaded latest tomcat tar.gz from tomcat website,
Deployed our application on it, 
Made above changes in conf\web.xml and then started tomcat. No error till 
this point. 
When I started VA testing on the server I get below error :
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character (CR or LF) found in method name
    at org.apache.coyote.http11.AbstractNioInputBuffer.parseRequestLine(AbstractNioInputBuffer.java:228)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1010)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:674)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)


and then VA test results show that HSTS is not configured.

Please note that we followed the above steps for tomcat on windows and 
everything is absolutely fine and even results of VA test don't contain 
HSTS information.
Any help is greatly appreciated.



From:   "Harrie Robins" 
To: "'Tomcat Users List'" 
Date:   08-02-2016 20:51
Subject:RE: HSTS missing from HTTPS server on tomcat 8.0.27



Hello!

Missing HSTS is not a vulnerability, as Mark pointed out, it is a feature.
In your web.xml

  
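<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>hstsEnabled</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>hstsIncludeSubDomains</param-name>
        <param-value>true</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>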


This will NOT activate HSTS for your application, you will need to add 
this
mapping as well (edit to needs and add to application):


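<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>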


Regards,

Harrie

-Original Message-
From: dku...@ccilindia.co.in [mailto:dku...@ccilindia.co.in] 
Sent: maandag 8 februari 2016 15:50
To: 'Tomcat Users List' 
Subject: HSTS missing from HTTPS server on tomcat 8.0.27

Hi,

We are unable to fix the vulnerability of "HSTS missing from HTTPS server" 

on apache tomcat  8.0.27 while running on unix operating system. Below is
the system configuration:

 OS Name:   HP-UX
 OS Version:B.11.31
 Architecture:   IA64N
Java Home:/opt/java8/jre
JVM Version:  1.8.0.04-hp-ux-b2
JVM Vendor:   Hewlett-Packard Company

We have uncommented the httpHeaderSecurity in the filter tag of 
conf/web.xml
file, but still the vulnerability exists. We have also tried with apache
tomcat 8.0.30, but in vain.


Any help to fix this vulnerability is appreciated.

Thanks & Regards
Deepak Kumar


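The point made in the quoted reply above (a filter definition alone does not activate HSTS, it also needs a filter-mapping) can be checked mechanically against a web.xml. The following is an added example, not code from the thread or from Tomcat; the class name, the findings text and the two sample descriptors are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class WebXmlHstsCheck {

    static final String FILTER_CLASS =
            "org.apache.catalina.filters.HttpHeaderSecurityFilter";

    /** Trimmed text of the first descendant element named tag, or "" when absent. */
    static String text(Element parent, String tag) {
        NodeList nodes = parent.getElementsByTagName(tag);
        return nodes.getLength() == 0 ? "" : nodes.item(0).getTextContent().trim();
    }

    /** Value of the named init-param of a filter element, or null when not set. */
    static String initParam(Element filter, String name) {
        NodeList params = filter.getElementsByTagName("init-param");
        for (int i = 0; i < params.getLength(); i++) {
            Element p = (Element) params.item(i);
            if (name.equals(text(p, "param-name"))) {
                return text(p, "param-value");
            }
        }
        return null;
    }

    /** Returns one finding per reason the descriptor would not produce a useful HSTS header. */
    static List<String> check(String webXml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE so the parser never resolves external entities
        // (an old DTD-based descriptor is rejected by this setting).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)));

        List<String> findings = new ArrayList<>();
        Set<String> unmapped = new LinkedHashSet<>();

        NodeList filters = doc.getElementsByTagName("filter");
        for (int i = 0; i < filters.getLength(); i++) {
            Element f = (Element) filters.item(i);
            if (!FILTER_CLASS.equals(text(f, "filter-class"))) {
                continue;
            }
            String name = text(f, "filter-name");
            unmapped.add(name);
            if ("false".equalsIgnoreCase(initParam(f, "hstsEnabled"))) {
                findings.add(name + ": hstsEnabled is false");
            }
            // max-age=0 tells browsers to drop the policy (RFC 6797); the filter's
            // documented default for hstsMaxAgeSeconds is 0, so it must be set.
            String maxAge = initParam(f, "hstsMaxAgeSeconds");
            if (maxAge == null || !maxAge.matches("0*[1-9]\\d*")) {
                findings.add(name + ": hstsMaxAgeSeconds is missing or not positive");
            }
        }
        if (unmapped.isEmpty()) {
            findings.add("no <filter> uses " + FILTER_CLASS);
        }

        // A filter only runs for requests matched by a <filter-mapping>.
        NodeList mappings = doc.getElementsByTagName("filter-mapping");
        for (int i = 0; i < mappings.getLength(); i++) {
            Element m = (Element) mappings.item(i);
            boolean hasTarget = !text(m, "url-pattern").isEmpty()
                    || !text(m, "servlet-name").isEmpty();
            if (hasTarget) {
                unmapped.remove(text(m, "filter-name"));
            }
        }
        for (String name : unmapped) {
            findings.add(name + ": defined but has no <filter-mapping>, so it never runs");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample descriptors, not taken from the thread.
        String filter = "<filter>"
                + "<filter-name>httpHeaderSecurity</filter-name>"
                + "<filter-class>" + FILTER_CLASS + "</filter-class>"
                + "<init-param><param-name>hstsEnabled</param-name>"
                + "<param-value>true</param-value></init-param>"
                + "<init-param><param-name>hstsMaxAgeSeconds</param-name>"
                + "<param-value>31536000</param-value></init-param>"
                + "</filter>";
        String mapping = "<filter-mapping>"
                + "<filter-name>httpHeaderSecurity</filter-name>"
                + "<url-pattern>/*</url-pattern>"
                + "<dispatcher>REQUEST</dispatcher>"
                + "</filter-mapping>";
        System.out.println("filter only:    " + check("<web-app>" + filter + "</web-app>"));
        System.out.println("filter+mapping: " + check("<web-app>" + filter + mapping + "</web-app>"));
    }
}
```

The descriptor check only shows that the filter is wired in; the response header itself still has to be confirmed on an HTTPS request to the running server.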

HSTS missing from HTTPS server on tomcat 8.0.27

2016-02-08 Thread dkumar
Hi,

We are unable to fix the vulnerability of "HSTS missing from HTTPS server" 
on apache tomcat  8.0.27 while running on unix operating system. Below is 
the system configuration:

 OS Name:   HP-UX
 OS Version:B.11.31
 Architecture:   IA64N
Java Home:/opt/java8/jre
JVM Version:  1.8.0.04-hp-ux-b2
JVM Vendor:   Hewlett-Packard Company

We have uncommented the httpHeaderSecurity in the filter tag of 
conf/web.xml file, but still the vulnerability exists. We have also tried 
with apache tomcat 8.0.30, but in vain.


Any help to fix this vulnerability is appreciated.

Thanks & Regards
Deepak Kumar


Unable to fix the vulnerability of " HSTS missing from HTTPS server" on tomcat 8.0.27 running on unix .

2016-02-05 Thread dkumar
Hi ,


We are unable to fix the vulnerability of " HSTS missing from HTTPS 
server" on apache tomcat  8.0.27 running on unix .

We found the solution for the same by enabling httpHeaderSecurity filter 
in conf\web.xml file,  tag and it works absolutely fine for tomcat 
8.0.27  on windows, 

but the same change on Tomcat 8.0.27 on UNIX, doesn't fix the 
vulnerability.

The only significant difference we found in tomcats running on  unix and 
windows 

Tomcat running on windows has JDK 8 installed and tomcat running on unix 
has JDK 1.7.0.04.

Is this reason hampering the fix to the vulnerability.  If not what is the 
solution for this.


Any help is greatly appreciated.



Thanks & Regards
Deepak Kumar


Re: Tomcat hanged on window server 2012

2015-08-20 Thread dkumar
From:   Christopher Schultz ch...@christopherschultz.net
To: Tomcat Users List users@tomcat.apache.org
Date:   17-08-2015 18:32
Subject:Re: Tomcat hanged  on window server 2012




Dear Chris,

Thanks for the reply, our responses to your questions are highlighted in 
blue.

Any help is greatly appreciated.


On 8/17/15 7:13 AM, dku...@ccilindia.co.in wrote:
 Our application worked fine on tomcat 8.0.22 on windows server 2003
  server. The tomcat server is restarted daily using a scheduler on
  shutdown.bat (at night) and startup.bat files (in the morning).

I'm curious, why do you take-down your service overnight?

1.We have downtime for our website. 

 We have now upgraded our machine to windows server 2012 64 bit and
 now facing some serious issues like the tomcat remains in hanged
 stage( not responding state.).Once we restart the tomcat server,
 everything works fine.And this happens only once in a day. After
 the restart of tomcat,(manually by double click on shutdown.bat
 file and startup.bat file)  it never repeats.

When you manually run shutdown.bat/startup.bat, what is the effective
user? When the scheduler runs, what is the effective user? Perhaps the
environment is not configured correctly for one or the other of those.

2. Manually clicking on the shutdown.bat file and letting it happen 
through a scheduler is done by the same user credentials.

 We have not found any error in all the relevant log files.
 
 We have made the below changes while migration. 1. java upgrade
 from 1.7.0_40 to 1.8.0_25 2.Removed the tomcat-native.dll file from
 the bin folder.

Why did you remove tomcat-native.dll? You could use the 64-bit version
instead of the 32-bit version if you'd like.

3. We have removed tomcat-native.dll file, because we were getting 
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR 
based Apache Tomcat Native library 1.1.32 using APR version 1.5.1. which 
was indicated as vulnerability by our security team. Also we are using 
NIO connector and not APR.


 The configuration of new windows server 2012 is as follows: OS
 Name:   Windows Server 2012-64 bit OS Version:
 6.2 java   1.8.0_25 (32 bit)
 
 However, we have observed the below error in the windows event
 viewer log
 
 A fatal alert was generated and sent to the remote endpoint. This
 may result in termination of the connection. The TLS protocol
 defined fatal error code is 10. The Windows SChannel error state is
 10.

Check
https://msdn.microsoft.com/en-us/library/windows/desktop/dd721886%28v=vs.85%29.aspx

Error 10 is unexpected message, which might happen if your client
was trying to connect using SSLv3 or some other unsupported protocol.
What does your Connector look like?

4. Our connector tag is as shown below.
Connector protocol =org.apache.coyote.http11.Http11NioProtocol 
port=XXX maxHttpHeaderSize=8192 maxThreads=150 
minSpareThreads=25 enableLookups=false 
disableUploadTimeout=true acceptCount=100 scheme=https secure=true
clientAuth=false sslProtocol=TLS 
sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1 SSLEnabled=true 
allowUnsafeLegacyRenegotiation=false
ciphers=XXX 
keystoreFile=X  keystorePass= server= 
/Connector

 Is this error responsible for the hanging of tomcat server or Is it
 due to absence of tomcat-native.dll file ??? or is there any other
 reason why the tomcat server goes into hanging state ???

A thread dump or two would be helpful:
http://wiki.apache.org/tomcat/HowTo#If_you_are_running_on_Microsoft_Windows

When you say that Tomcat has hung what do you mean? Will it respond
to HTTP requests? If you run shutdown.bat, will it shutdown cleanly,
or do you have to kill the process?

5. Tomcat has hung means,the web page was not available and not 
responding for the end users .We had to kill it from the task manager as 
it was not shutting down using shutdown.bat file.

- -chris
Tomcat hanged on window server 2012

2015-08-17 Thread dkumar
Hi,
Our application worked fine on tomcat 8.0.22 on windows server 2003 
server. The tomcat server is restarted daily using a scheduler on 
shutdown.bat (at night) and startup.bat files (in the morning).

We have now upgraded our machine to windows server 2012 64 bit and now 
facing some serious issues like the tomcat remains in hanged stage( not 
responding state.).Once we restart the tomcat server, everything works 
fine.And this happens only once in a day. After the restart of 
tomcat,(manually by double click on shutdown.bat file and startup.bat 
file)  it never repeats.

We have not found any error in all the relevant log files.

We have made the below changes while migration.
1. java upgrade from 1.7.0_40 to 1.8.0_25
2.Removed the tomcat-native.dll file from the bin folder.
The configuration of new windows server 2012 is as follows:
OS Name:   Windows Server 2012-64 bit
OS Version:6.2
java   1.8.0_25 (32 bit)

However, we have observed the below error in the windows event viewer log

A fatal alert was generated and sent to the remote endpoint. This may 
result in termination of the connection. The TLS protocol defined fatal 
error code is 10. The Windows SChannel error state is 10.

Is this error responsible for the hanging of tomcat server or
Is it due to absence of tomcat-native.dll file ??? or
is there any other reason why the tomcat server goes into hanging state 
???

Any help is greatly appreciated.

Thanks  regards
Deepak kumar


Getting javax.net.ssl.SSLHandshakeException

2015-02-24 Thread dkumar
Dear All,

We have migrated from apache tomcat 8.0.8 to apache tomcat 8.0.18.(to 
prevent  the poodle attack). But now we are facing the below issue.

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    at connection.ReceiveConnect.connect(ReceiveConnect.java:77)
    at util.ReceiveFile.run(ReceiveFile.java:94)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
    ... 11 more


Any help will be greatly appreciated.

Thanks and Regards
Deepak Kumar


Re: Getting javax.net.ssl.SSLHandshakeException

2015-02-24 Thread dkumar
Dear Christopher ,

Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?

We agree with your above statement. We have disabled SSLv3 on Tomcat 
server and our client is an exe which sends request using below code.

URL server = new URL(url);
jprogress.setValue(11);
final String hostvar = ip;
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
        if (hostname.equals(hostvar)) {
            return true;
        } else {
            return false;
        }
    }
});
try{
    HttpsURLConnection con = (HttpsURLConnection) server.openConnection();
    jprogress.setValue(14);
    con.setConnectTimeout(9000);
    con.setDoOutput(true);
    con.setUseCaches(false);
    con.setReadTimeout(6);
    jprogress.setValue(16);

We are unable to find at which point the client exe uses either TLS or 
SSLv3 to send request to the server.
Also we find that client exe works fine in other machines.
We want to know if this is system specific or java specific. 

Any help will be greatly appreciated.

Thanks and Regards
Deepak kumar





From:   Christopher Schultz ch...@christopherschultz.net
To: Tomcat Users List users@tomcat.apache.org
Date:   24-02-2015 20:36
Subject:Re: Getting javax.net.ssl.SSLHandshakeException




Deepak,

On 2/24/15 9:19 AM, dku...@ccilindia.co.in wrote:
 We have migrated from apache tomcat 8.0.8 to apache tomcat
 8.0.18.(to prevent  the poodle attack).

Note that upgrading Tomcat is not necessary to mitigate SSL POODLE.
Upgrading does have other advantages, though.

 But now we are facing the below issue.
 
 javax.net.ssl.SSLHandshakeException: Remote host closed connection
 during handshake at
 com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown 
 Source) at 
 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
  Source) at 
 com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
 Source) at 
 com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
 Source) at
 sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown 
 Source) at 
 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
  Source) at 
 sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
  Source) at 
 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
  Source) at
 connection.ReceiveConnect.connect(ReceiveConnect.java:77) at
 util.ReceiveFile.run(ReceiveFile.java:94) at
 java.lang.Thread.run(Unknown Source) Caused by:
 java.io.EOFException: SSL peer shut down incorrectly at
 com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) ...
 11 more
 
 
 Any help will be greatly appreciated.

Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?

Try using this tool to probe your server to see what it can do:
http://markmail.org/thread/tz4z44nfjl7sy2lj

Also remember this: http://markmail.org/thread/ip4j45tioft4bntd

- -chris



Only one request from client but was served twice by Tomcat

2015-01-20 Thread dkumar
Dear All,

We have a client that is basically a JAVA desktop application that calls a 
servlet which is hosted at Tomcat server. 

The flow of request and response both are logged at the client as well as 
the server end.( i.e each and every request and response is logged)

Now, the client sent a request at a particular time say 9.00 am.(This is 
logged at client end). the request was served and logged at server end.
but it seems Acknowledgement from the server did not reach the client 
(Assuming the network congestion) and not present in the client logs.
After three minutes, the request was once again served by Tomcat, and 
again logged at server end, but at client end no logging for a fresh 
second request made, and logs of one successful completion of the request.

Totally there was only one request from client but was served twice by 
Tomcat what could be the reason?

We are using 
Tomcat  - 7.0.35 on Unix box
In server.xml 
Connector port=8443 SSLEnabled=true acceptCount=500 
protocol=org.apache.coyote.http11.Http11NioProtocol
allowUnsafeLegacyRenegotiation=false maxThreads=5 scheme=https 
secure=true clientAuth=false


Thanks and Regards
Deepak Kumar


Cannot disable SSL v3

2014-10-17 Thread dkumar
Dear All,

Below is my configuration in server.xml file of tomcat 7.0.22. 

Connector className =org.apache.catalina.connector.http.HttpConnector 
port=443 maxHttpHeaderSize=8192 maxThreads=150 
minSpareThreads=25 enableLookups=false 
disableUploadTimeout=true acceptCount=100 scheme=https secure=true
clientAuth=false sslProtocol=TLS 
SSLEnabled=true allowUnsafeLegacyRenegotiation=false
 
ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
keystoreFile=*** keystorePass=*** 
server= 
   Factory 
className=org.apache.catalina.net.SSLServerSocketFactory 
clientAuth=false protocol=TLS/
/Connector

I tried with below changes.
1. sslProtocol changed to SSLProtocol
2. Removed SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher from ciphers 
3. sslProtocol =TLS changed to sslProtocol =TLSv1

But still unable to disable SSL v3
Any help will be appreciated.

Thanks and Regards
Deepak


Re: Cannot disable SSL v3

2014-10-17 Thread dkumar
Dear Chris

Thanks for your reply
How can I know which protocols my JVM supports?
We are using java1.7.0_40
I have tested with https://www.ssllabs.com/ssltest/index.html

Please let us know if there is any turnaround in my server.xml configuration to 
disable SSL v3.


Thanks and Regards
Deepak








Deepak,

On 10/17/14 11:58 AM, dku...@ccilindia.co.in wrote:
 Below is my configuration in server.xml file of tomcat 7.0.22.

Upgrade.

 Connector className
 =org.apache.catalina.connector.http.HttpConnector

No such class exists. Which connector are you actually using? A Java
connector or the native connector?

 port=443 maxHttpHeaderSize=8192 maxThreads=150 
 minSpareThreads=25 enableLookups=false 
 disableUploadTimeout=true acceptCount=100 scheme=https
 secure=true clientAuth=false sslProtocol=TLS

Use of sslProtocol indicates that you are using a Java connector.

 SSLEnabled=true allowUnsafeLegacyRenegotiation=false
 
 
ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA

Use of ciphers indicates that you are using a Java connector.

Please see the documentation for the HTTP connector:
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

The sslProtocol attribute is documented to use JVM-defined strings.
You will need to see what protocols are supported by your JVM.

 keystoreFile=*** keystorePass=*** server=  Factory 
 className=org.apache.catalina.net.SSLServerSocketFactory 
 clientAuth=false protocol=TLS/

Why are you configuring an SSLServerSocketFactory here? I don't
believe that is even a valid configuration.

 /Connector
 
 I tried with below changes. 1. sslProtocol changed to SSLProtocol

sslProtocol is for Java connectors while SSLProtocol is for the native
connector.

 2. Removed SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher from ciphers

This configures a single cipher and not a protocol.

 3. sslProtocol =TLS changed to sslProtocol =TLSv1
 
 But still unable to disable SSL v3

Did you restart? What were the results? How did you test?

- -chris




Re: cannot disable SSL v3 [SOLVED]

2014-10-16 Thread dkumar
Hello all,

I have removed the SSL cipher from my configuration, and it's working.
Please let me know if this is the correct way to solve this.

I am running Tomcat 7.0.22
 Connector port=443 maxThreads=150 
scheme=https secure=true
sslProtocol=TLS  SSLEnabled=true
ciphers=

Thanks and regards
Deepak






On 10/16/2014 2:38 PM, Vu Pham wrote:
 I believe some village somewhere was missing somebody :)

 Reading the tomcat/apr doc
 (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support) ,
 I found that I have to use SSLProtocol instead of sslProtocol.

Tomcat's case-sensitivity has bitten me more than once!



 After making that change, SSLv3 disappear.

 Thanks,
 Vu

 On 10/16/2014 08:32 AM, vu pham wrote:
 All,

 I am running tomcat 7.0.26 with APR on RHEL 5.10 (x86_64) .  My
 server.xml 's configuration for the https connector  is as follows:

 Connector port=443 protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 scheme=https secure=true
clientAuth=false sslProtocol=TLSv1

 SSLCertificateKeyFile=/u01/apache-tomcat-7.0.26/conf/servey_xxx.key

 SSLCertificateFile=/u01/apache-tomcat-7.0.26/conf/server_xxx.crt

 
SSLCACertificateFile=/u01/apache-tomcat-7.0.26/conf/SSL123_CA_Bundle.pem

 /

 I also tried sslProtocol with different values of TLS, TLSv1.1, and
 TLSv1.2, but the ssl tests such the ones from SSLLabs or Thawte claim
 that my server still has SSLv3 enabled.

 Any advice is greatly appreciated.

 Thanks,
 Vu







denying the request if it comes through IP address instead of DNS

2014-05-12 Thread dkumar
Hello All,

We are using -
Tomcat Version - 7.0.22
Operating System Version : Windows 2003 server


To close a vulnerability by denying the request if it comes through IP 
address instead of DNS, we have made the below configuration changes in 
server.xml


 <Engine name="Catalina" defaultHost="server DNS name">
   (defaultHost was set to localhost prior to change)

 <Host name="server DNS name" appBase="webapps" unpackWARs="true" autoDeploy="true">
   (Host name was set to localhost prior to change)



But due to this change we are losing logging in localhost.log in logs folder 
of TOMCAT. Please suggest how to redirect console logging to a given file 
or how to retain the localhost.log file of tomcat.

Kindly also let us know whether, instead of the above settings, any other 
configuration setting will deny any request that comes through IP address 
instead of DNS.

Thanks  Regards
Deepak Kumar


Unable to start tomcat (JDBC-ORACLE CONNECTIVITY ISSUE WITH OCI8 DRIVER using oracle 11g client.)

2013-04-06 Thread dkumar
Dear All,

JDBC-ORACLE CONNECTIVITY ISSUE WITH OCI8 DRIVER using oracle 11g client.
I am getting the below error when I am trying to access the Oracle DB using
the Oracle 11g client. It works with earlier Oracle client versions. How do I
resolve this? Is there any issue with the version of ojdbc6.jar that I am
using? I can't use the thin driver since it's an old application for which I
don't have the source files.

Apr 6, 2013 1:00:59 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.UnsatisfiedLinkError: no ocijdbc9 in java.library.path
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1682)
    at java.lang.Runtime.loadLibrary0(Runtime.java:822)
    at java.lang.System.loadLibrary(System.java:992)
    at oracle.jdbc.oci8.OCIDBAccess.logon(OCIDBAccess.java:262)
    at oracle.jdbc.driver.OracleConnection.init(OracleConnection.java:346)
    at oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.java:468)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:314)
    at java.sql.DriverManager.getConnection(DriverManager.java:525)
    at java.sql.DriverManager.getConnection(DriverManager.java:171)
    at PettyCash.SysDate.getSysSubSys(SysDate.java:232)
    at org.apache.jsp.PettyCash.index_jsp._jspService(org.apache.jsp.PettyCash.index_jsp:186)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 

Code is as follow for reference

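import java.sql.Connection;
import java.sql.DriverManager;
import oracle.jdbc.driver.*;

// Register the Oracle driver, then connect through the OCI (native client) driver.
DriverManager.registerDriver(new oracle.jdbc.OracleDriver());
conn = DriverManager.getConnection("jdbc:oracle:oci8:@" + database, db_user, db_pass);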


Environment variables set are as follows:
classpath
C:\Program Files\apache-tomcat-5.5.12\common\lib\servlet-api.jar;C:\Program Files\apache-tomcat-5.5.12\webapps\ROOT\WEB-INF\lib\classes12.jar;C:\Program Files\apache-tomcat-5.5.12\webapps\ROOT\WEB-INF\lib\ojdbc6.jar;

JAVA_HOME
C:\Program Files\Java\jdk1.5.0_04

PATH
C:\Program Files\Java\jdk1.5.0_04\bin

ORACLE_HOME
D:\Oracle11\product\11.2.0\client_1\BIN


Thanks and Regards
Deepak

tomcat-7.0.35 ON Windows Server SP 2

2013-02-27 Thread dkumar
Hi,

I have downloaded apache-tomcat-7.0.35.zip and am running it on a Windows
Server SP 2 machine and it is working fine.
Is it OK to run the apache-tomcat-7.0.35 setup on a Windows Server SP 2 machine?

Please reply.

Server version: Apache Tomcat/7.0.35
OS Name:        Windows Server SP 2  32 bit


Thanks and Regards
Deepak Kumar

Tomcat(7.0.35) vulnerability or issues

2013-02-25 Thread dkumar
Dear All,

We are upgrading Tomcat from version 6.0.18 to 7.0.35
Operating System Version : HP-UX 11.31

Please inform us if there are any known issues or any vulnerabilities in the
latest Tomcat version, 7.0.35.

Thanks and Regards
Deepak Kumar

tomcat-7.0.35-windows-x86 ON 64 bit UNIX

2013-02-25 Thread dkumar
Hi,

I have downloaded apache-tomcat-7.0.35-windows-x86.zip and am running it on a
64 bit UNIX machine and it is working fine.
Is it OK to run the x86 setup on a 64 bit UNIX machine?
Please reply.

Server version: Apache Tomcat/7.0.35
Server built:   Jan 10 2013 10:52:49
Server number:  7.0.35.0
OS Name:        HP-UX
OS Version:     B.11.31
Architecture:   IA64N
JVM Version:    1.7.0.04-jinteg_2012_11_21_09_34-b00
JVM Vendor:     Hewlett-Packard Company


Thanks and Regards
Deepak Kumar


Getting error while starting tomcat

2013-02-12 Thread dkumar
Hello All,

Tomcat Server 7.0.35
Operating System Version : HP-UX 11.31
JRE_HOME:/opt/java1.5


We are getting an error in the Catalina log file while starting the Tomcat server

Exception in thread "main" java.lang.UnsupportedClassVersionError: Bad version number in .class file
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:195)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
    at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)


Please suggest us. 

Thanks and Regards
Deepak Kumar

Re: How to limit the number of renegotiations for a single TLS / SSL connection

2013-02-11 Thread dkumar
Hello All,

We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
Still facing same issue
Please suggest

Thanks and regards
Deepak Kumar



From:    Pid p...@pidster.com
To:      Tomcat Users List users@tomcat.apache.org
Date:    02/09/2013 11:35 PM
Subject: Re: How to limit the number of renegotiations for a single TLS / SSL connection



On 08/02/2013 15:05, Mark Thomas wrote:
> On 08/02/2013 14:34, Caldarale, Charles R wrote:
>>> From: dku...@ccilindia.co.in [mailto:dku...@ccilindia.co.in]
>>> Subject: How to limit the number of renegotiations for a single TLS
>>> / SSL connection
>>
>>> We are using - Tomcat Version - 6.0.18
>>
>>> Please suggest the recommended solution for tomcat
>>
>> Try using a version of Tomcat that's newer than 4.5 years old.  Many
>> security-related fixes have gone in since then, and it's
>> irresponsible to expose your site to situations that have been
>> addressed years previously.  If you check the changelog, I think
>> you'll find this TLS issue was addressed quite some time ago; it may
>> require a JVM upgrade as well.
>
> No, this is a different issue.

Not to disagree with Mark T... but the point about using old software is
still a good one.

 Tomcat 6.0.18 vs Tomcat 6.0.36

 OpenSSL 0.9.8k (25-Mar-2009) vs OpenSSL 0.9.8y (05-Feb-2013)


Focusing on particular issues like this, rather than addressing the big
picture and using a more recent build of Open SSL and/or Tomcat (that
will carry many fixes) means the OP is probably Doing IT Wrong.


p


Re: How to limit the number of renegotiations for a single TLS / SSL connection

2013-02-11 Thread dkumar
Hello Mark

We have just updated the Tomcat version to 7.0.35 and have not explicitly
given any connector protocol in the connector tag. When Tomcat is starting,
it's giving Initializing ProtocolHandler [http-bio-443]

Regards
Deepak



From:    Mark Thomas ma...@apache.org
To:      Tomcat Users List users@tomcat.apache.org
Date:    02/11/2013 04:48 PM
Subject: Re: How to limit the number of renegotiations for a single TLS / SSL connection



On 11/02/2013 11:10, dku...@ccilindia.co.in wrote:
> Hello All,
>
> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
> Still facing same issue
> Please suggest

Are you sure you are using the APR/native connector?

Mark



Re: How to limit the number of renegotiations for a single TLS / SSL connection

2013-02-11 Thread dkumar
Hello Mark

We have just updated the Tomcat version to 7.0.35 and have not explicitly
given any connector protocol in the connector tag. When Tomcat is starting,
it's giving Initializing ProtocolHandler [http-bio-8443]

Regards
Deepak



From:    Mark Thomas ma...@apache.org
To:      Tomcat Users List users@tomcat.apache.org
Date:    02/11/2013 04:48 PM
Subject: Re: How to limit the number of renegotiations for a single TLS / SSL connection



On 11/02/2013 11:10, dku...@ccilindia.co.in wrote:
> Hello All,
>
> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
> Still facing same issue
> Please suggest

Are you sure you are using the APR/native connector?

Mark



Re: How to limit the number of renegotiations for a single TLS / SSL connection

2013-02-11 Thread dkumar
Hello, 

We tried to set the APR connector protocol attribute in the connector tag, but
we are not able to start Tomcat as the supporting libraries are not found
in the JDK 1.7 installed on my system.
Please suggest where we can get the APR connector file.


@Mark
Sorry for the duplicate message. That has a correction: [http-bio-8443]
instead of [http-bio-443]

Thanks and Regards
Deepak 



From:    Mark Thomas ma...@apache.org
To:      Tomcat Users List users@tomcat.apache.org
Date:    02/11/2013 05:23 PM
Subject: Re: How to limit the number of renegotiations for a single TLS / SSL connection



On 11/02/2013 11:31, dku...@ccilindia.co.in wrote:
> Hello Mark
>
> We have just updated the Tomcat version to 7.0.35 and have not explicitly
> given any connector protocol in the connector tag. When Tomcat is starting,
> it's giving Initializing ProtocolHandler [http-bio-443]

Which means you are using the BIO HTTP connector, not the APR/native
HTTP connector. The BIO connector supports renegotiation.

Mark

P.S. Please stop
a) sending duplicate messages to the users list
b) cc'ing list members on your replies.


>
> Regards
> Deepak
>
>
>
> From:    Mark Thomas ma...@apache.org
> To:      Tomcat Users List users@tomcat.apache.org
> Date:    02/11/2013 04:48 PM
> Subject: Re: How to limit the number of renegotiations for a single TLS / SSL connection
>
>
>
> On 11/02/2013 11:10, dku...@ccilindia.co.in wrote:
>> Hello All,
>>
>> We have upgraded the tomcat(7.0.35) and ssl(0.9.8x)
>> Still facing same issue
>> Please suggest
>
> Are you sure you are using the APR/native connector?
>
> Mark
 

Re: How to limit the number of renegotiations for a single TLS / SSL connection

2013-02-09 Thread dkumar
Hello All,

@ Mark

We have not specified any specific connector protocol in the connector
tag. Does that mean we are using the native APR connector? If so, then
as renegotiation is not permitted in APR, why does the VA tool report a
renegotiation DoS vulnerability? It would be of great help if you could
explain how to implement the HTTP NIO or BIO connector to handle this
renegotiation issue.

@Daniel

Please find the connector tag of server.xml

<Connector port="8443" SSLEnabled="true" acceptCount="500" ciphers="Some cipher"
           allowUnsafeLegacyRenegotiation="false"
           maxThreads="5" scheme="https" secure="false"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="cert.key" keystorePass="password" />


Any help would be appreciated.
Thanks and regards

Deepak.






From:    Mark Thomas ma...@apache.org
To:      Tomcat Users List users@tomcat.apache.org
Date:    02/08/2013 08:44 PM
Subject: Re: How to limit the number of renegotiations for a single TLS / SSL connection



On 08/02/2013 14:28, dku...@ccilindia.co.in wrote:
> Hello All,
>
> We are using -
> Tomcat Version - 6.0.18
> Operating System Version : HP-UX 11.31
> SSL Version -  OpenSSL 0.9.8k 25 Mar 2009
> Port - 8443
>
> By running the vulnerability assessment test we are getting the following
> observation
>
> The remote service encrypts traffic using TLS / SSL and permits clients to
> renegotiate connections. The computational requirements for renegotiating
> a connection are asymmetrical between the client and the server, with the
> server performing several times more work. Since the remote host does not
> appear to limit the number of renegotiations for a single TLS / SSL
> connection, this permits a client to open several simultaneous connections
> and repeatedly renegotiate them, possibly leading to a denial of service
> condition.
>
> Please suggest the recommended solution for tomcat

To repeat what I have said privately on this topic:

<quote>
The Apache Tomcat security team has reviewed the available information
for CVE-2011-1473 and has performed some testing of Apache Tomcat
using one of the many tools that has been written to demonstrate this issue.

Our conclusions are:

- In terms of CPU usage there is not a large difference (same order of
magnitude) between a client creating multiple HTTPS connections and a
client creating a single HTTPS connection and repeatedly requesting
renegotiation. This is consistent with the findings / opinions of the
numerous SSL/TLS experts that have commented on this issue.

- Repeated renegotiation attempts from a single client can be detected
by a firewall.

- Multiple connection attempts from a client are easier for a firewall
to identify than multiple renegotiation requests.

- Client renegotiation is not permitted by the HTTP APR/native connector.

- It would be possible to add renegotiation rate limiting to the HTTP
BIO and NIO connectors but there is not a clear-cut case for doing this.


We would also draw your attention to the following text on the Apache
Tomcat website security pages [1]:

<quote>
Note that all networked servers are subject to denial of service
attacks, and we cannot promise magic workarounds to generic problems
(such as a client streaming lots of data to your server, or
re-requesting the same URL repeatedly). In general our philosophy is
to avoid any attacks which can cause the server to consume resources
in a non-linear relationship to the size of inputs.
</quote>

Further discussion of this issue, particularly the usefulness of
adding renegotiation rate-limiting to the HTTP BIO and NIO
connectors, should take place on the public Tomcat users mailing list.

Mark
on behalf of the Apache Tomcat security team
</quote>

With all the above in mind is there an argument for introducing
renegotiation rate limiting for BIO and NIO? Or do we just say if you
are bothered about CVE-2011-1473, use APR.

Mark

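One way to implement the renegotiation rate limiting for JSSE-based (BIO) connections that the reply above raises, as an added example that is not code from Tomcat or from anyone in this thread. The class name `RenegotiationLimiter`, the limit of 3 renegotiations and the 10-second window are assumptions for illustration, and the handshake timeline in `main` is constructed.

```java
import java.io.IOException;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;

/**
 * Added example, not Tomcat code: caps how often one JSSE connection may
 * renegotiate. Register one instance per accepted SSLSocket:
 *   socket.addHandshakeCompletedListener(new RenegotiationLimiter(3, 10000L));
 * The class name and the limit/window values are assumptions for illustration.
 */
public class RenegotiationLimiter implements HandshakeCompletedListener {

    private final int maxRenegotiations;  // renegotiations allowed per window
    private final long windowMillis;      // sliding window length
    private final Deque<Long> recent = new ArrayDeque<Long>();
    private boolean initialHandshakeSeen = false;

    public RenegotiationLimiter(int maxRenegotiations, long windowMillis) {
        if (maxRenegotiations < 0 || windowMillis <= 0) {
            throw new IllegalArgumentException("limit must be >= 0 and window > 0");
        }
        this.maxRenegotiations = maxRenegotiations;
        this.windowMillis = windowMillis;
    }

    /**
     * Records one completed handshake at nowMillis.
     * @return true if the connection may stay open, false if it exceeded the limit
     */
    public synchronized boolean recordHandshake(long nowMillis) {
        if (!initialHandshakeSeen) {
            // The first handshake on a connection is not a renegotiation.
            initialHandshakeSeen = true;
            return true;
        }
        // Forget renegotiations that have aged out of the window.
        while (!recent.isEmpty() && nowMillis - recent.peekFirst() >= windowMillis) {
            recent.removeFirst();
        }
        recent.addLast(nowMillis);
        return recent.size() <= maxRenegotiations;
    }

    /** Called by JSSE after every completed handshake on the socket. */
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        if (!recordHandshake(System.currentTimeMillis())) {
            try {
                // Drop the connection: further handshakes now need a new TCP
                // connection, which a firewall can count per source address.
                event.getSocket().close();
            } catch (IOException ignored) {
                // The socket is already unusable; nothing more to do.
            }
        }
    }

    public static void main(String[] args) {
        // Constructed timeline (ms) of handshake completions on one connection.
        long[] handshakeTimes = {0L, 1000L, 2000L, 3000L, 4000L, 20000L};
        RenegotiationLimiter limiter = new RenegotiationLimiter(3, 10000L);
        for (long t : handshakeTimes) {
            String verdict = limiter.recordHandshake(t) ? "allow" : "close connection";
            System.out.println("t=" + t + " ms -> " + verdict);
        }
    }
}
```

The listener fires only after a handshake has completed, so this bounds how often a single connection can repeat the cost rather than preventing any one renegotiation.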

6.0.18, UNIX,

2013-02-08 Thread dkumar
Hello to All,

We are using -
Tomcat Version - 6.0.18
Operating System Version : HP-UX 11.31
SSL Version -  OpenSSL 0.9.8k 25 Mar 2009
Port - 8443

By running the vulnerability assessment test we are getting the following
observation

The remote service encrypts traffic using TLS / SSL and permits clients to 
renegotiate connections. The computational requirements for renegotiating 
a connection are asymmetrical between the client and the server, with the 
server performing several times more work. Since the remote host does not 
appear to limit the number of renegotiations for a single TLS / SSL 
connection, this permits a client to open several simultaneous connections 
and repeatedly renegotiate them, possibly leading to a denial of service 
condition.

Please suggest the recommended solution for tomcat

Thanks & Regards
Deepak Kumar

How to limit the number of renegotiations for a single TLS / SSL connection

2013-02-08 Thread dkumar
Hello All,

We are using -
Tomcat Version - 6.0.18
Operating System Version : HP-UX 11.31
SSL Version -  OpenSSL 0.9.8k 25 Mar 2009
Port - 8443

By running the vulnerability assessment test we are getting the following
observation

The remote service encrypts traffic using TLS / SSL and permits clients to 
renegotiate connections. The computational requirements for renegotiating 
a connection are asymmetrical between the client and the server, with the 
server performing several times more work. Since the remote host does not 
appear to limit the number of renegotiations for a single TLS / SSL 
connection, this permits a client to open several simultaneous connections 
and repeatedly renegotiate them, possibly leading to a denial of service 
condition.

Please suggest the recommended solution for tomcat

Thanks & Regards
Deepak Kumar