Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-07 Thread Mark Thomas
The following votes were cast:

Binding:
+1: remm, markt, violetagg, csutherl, fschumacher

Non-binding:
+1: isapir, rmannibucau

The vote therefore passes.

Thank you to everyone who contributed to this release.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-05 Thread Felix Schumacher



On 2 November 2018 17:11:40 CET, Mark Thomas wrote:
>The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
>The major changes compared to the 9.0.13 release are:
>
>- support for TLSv1.3 when used with a JRE or OpenSSL version that
>  supports it
>
>- added support for encrypting cluster traffic
>
>- added automatic reloading of tomcat-users.xml after a change
>
>
>Along with lots of other bug fixes and improvements.
>
>For full details, see the changelog:
>http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
>It can be obtained from:
>https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
>The Maven staging repo is:
>https://repository.apache.org/content/repositories/orgapachetomcat-1196/
>The svn tag is:
>http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
>The proposed 9.0.13 release is:
>[ ] Broken - do not release
>[x] Stable - go ahead and release as 9.0.13

Regards, 
Felix 




Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-05 Thread Rémy Maucherat
On Mon, Nov 5, 2018 at 8:43 AM Romain Manni-Bucau wrote:

> +1 (non-binding), tested on meecrowave and some work projects
>

Well, I guess "ads" are useful sometimes. I looked at the code of
meecrowave just right now, and it looks like my embedded improvements are
relevant and could avoid a number of hacks/problems that had to be solved
the hard way. Hopefully, they won't break any existing code either.

Rémy


Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-05 Thread Coty Sutherland
On Fri, Nov 2, 2018 at 12:11 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.13
>

+1




Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-04 Thread Romain Manni-Bucau
+1 (non-binding), tested on meecrowave and some work projects

Romain Manni-Bucau



On Mon, 5 Nov 2018 at 08:26, Violeta Georgieva wrote:

> Hi,
>
> On Fri, 2 Nov 2018 at 18:11, Mark Thomas wrote:
> >
> > The proposed Apache Tomcat 9.0.13 release is now available for voting.
> >
> > The major changes compared to the 9.0.13 release are:
> >
> > - support for TLSv1.3 when used with a JRE or OpenSSL version that
> >   supports it
> >
> > - added support for encrypting cluster traffic
> >
> > - added automatic reloading of tomcat-users.xml after a change
> >
> >
> > Along with lots of other bug fixes and improvements.
> >
> > For full details, see the changelog:
> > http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> > The svn tag is:
> > http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
> >
> > The proposed 9.0.13 release is:
> > [ ] Broken - do not release
> > [X] Stable - go ahead and release as 9.0.13
>
> +1
>
> Regards,
> Violeta
>


Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-04 Thread Violeta Georgieva
Hi,

On Fri, 2 Nov 2018 at 18:11, Mark Thomas wrote:
>
> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13

+1

Regards,
Violeta


Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-03 Thread Igal Sapir
Mark,

On Sat, Nov 3, 2018 at 10:37 AM Mark Thomas  wrote:

> On 03/11/2018 16:54, Igal Sapir wrote:
> > On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas  wrote:
> >> On 03/11/2018 16:20, Igal Sapir wrote:
> >>> On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas  wrote:
> >>>> On 02/11/2018 22:39, Igal Sapir wrote:
>
> 
>
> >> Now is probably a good time to complete the planned expansion of unit
> >> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
> >> versions.
> >
> > I'd be happy to help if given some guidance
>
> (Note: Gump seems to be having issues performing 'svn up' at the moment.
> Check any failures carefully in case this is the cause.)
>
> The plan was as follows:
> - Build all current OpenSSL versions (currently 4)
> - Build Tomcat Native 1.2.x for each OpenSSL version (i.e. 4)
> - No Tomcat Native 1.1.x builds
> - Test 9.0.x with all Native/OpenSSL combinations (i.e. 4)
> - Test 8.5.x with Native/OpenSSL 1.1.1 (latest LTS)
> - Test 7.0.x with Native/OpenSSL 1.0.2 (other LTS)
>
> The OpenSSL build and Tomcat Native builds with each OpenSSL version
> have already been configured.
>
> The Tomcat Native 1.1.x build has been disabled.
>
> The 8.5.x and 7.0.x are configured as desired. So it is just 9.0.x that
> needs completing. It should, largely, be a copy/paste exercise:
>
> The Gump metadata is here:
> http://svn.apache.org/repos/asf/gump/metadata/project/
>
> All ASF committers have write access.
>
> There is one file for each major Tomcat version.
> Each  block represents one Tomcat build or one test run.
>
> If you look in tomcat-trunk.xml you will see
> 
>
> This runs the unit tests with the APR connector. It is configured with:
>id="openssl" reference="outputpath"/>
>reference="home"/>
>
> which means it uses Tomcat Native build with OpenSSL master (or just
> OpenSSL master when using OpenSSL directly) for the tests.
>
> Currently we have:
>
> Tomcat 9.0.x testing APR/native with OpenSSL master
>
> This needs to be expanded to:
> Tomcat 9.0.x testing APR/native with
>  - OpenSSL master
>  - OpenSSL 1.1.1
>  - OpenSSL 1.1.0
>  - OpenSSL 1.0.2
>
> We also have NIO tests running with JSSE. It would be prudent to add 4
> more test runs for each of the OpenSSL versions with NIO as well.
>
> Essentially, you edit the metadata file and then wait until the next
> test run (they run at , 0600, 1200 and 1800 UTC) and see if it
> worked. Repeat until all the test runs are passing.
>

Thank you for the detailed information.  I will be travelling in the coming
days but will look into this and hopefully make myself useful as soon as I
can.

Thanks,

Igal


Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-03 Thread Mark Thomas
On 03/11/2018 16:54, Igal Sapir wrote:
> On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas  wrote:
>> On 03/11/2018 16:20, Igal Sapir wrote:
>>> On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas  wrote:
>>>> On 02/11/2018 22:39, Igal Sapir wrote:



>>> Should I make a mental note that these are false positives or should we
>>> pursue it further and update the test cases to remove ciphers that should
>>> not be used?
>>
>> They look like false positives at this point.
>>
> 
> Is it possible to mark some test cases as "Warnings" rather than "Errors"?
> So that if they fail they will not fail the whole test?

Not that I am aware of.

>> Now is probably a good time to complete the planned expansion of unit
>> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
>> versions.
> 
> I'd be happy to help if given some guidance

(Note: Gump seems to be having issues performing 'svn up' at the moment.
Check any failures carefully in case this is the cause.)

The plan was as follows:
- Build all current OpenSSL versions (currently 4)
- Build Tomcat Native 1.2.x for each OpenSSL version (i.e. 4)
- No Tomcat Native 1.1.x builds
- Test 9.0.x with all Native/OpenSSL combinations (i.e. 4)
- Test 8.5.x with Native/OpenSSL 1.1.1 (latest LTS)
- Test 7.0.x with Native/OpenSSL 1.0.2 (other LTS)

The OpenSSL build and Tomcat Native builds with each OpenSSL version
have already been configured.

The Tomcat Native 1.1.x build has been disabled.

The 8.5.x and 7.0.x are configured as desired. So it is just 9.0.x that
needs completing. It should, largely, be a copy/paste exercise:

The Gump metadata is here:
http://svn.apache.org/repos/asf/gump/metadata/project/

All ASF committers have write access.

There is one file for each major Tomcat version.
Each  block represents one Tomcat build or one test run.

If you look in tomcat-trunk.xml you will see


This runs the unit tests with the APR connector. It is configured with:



which means it uses Tomcat Native build with OpenSSL master (or just
OpenSSL master when using OpenSSL directly) for the tests.

Currently we have:

Tomcat 9.0.x testing APR/native with OpenSSL master

This needs to be expanded to:
Tomcat 9.0.x testing APR/native with
 - OpenSSL master
 - OpenSSL 1.1.1
 - OpenSSL 1.1.0
 - OpenSSL 1.0.2

We also have NIO tests running with JSSE. It would be prudent to add 4
more test runs for each of the OpenSSL versions with NIO as well.

Essentially, you edit the metadata file and then wait until the next
test run (they run at , 0600, 1200 and 1800 UTC) and see if it
worked. Repeat until all the test runs are passing.

Mark




Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-03 Thread Igal Sapir
On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas  wrote:

> On 03/11/2018 16:20, Igal Sapir wrote:
> > On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas  wrote:
> >
> >> On 02/11/2018 22:39, Igal Sapir wrote:
> >>
> >> 
> >>
> >>> I am getting the same test case failures as before, so it doesn't look like
> >>> a regression to me:
> >>>    [concat] Testsuites with failed tests:
> >>>    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
> >>>    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt [2]
> >>>
> >>> (details below)
> >>>
> >>>
> >>>> The proposed 9.0.13 release is:
> >>>> [ ] Broken - do not release
> >>>> [X] Stable - go ahead and release as 9.0.13
> >>>>
> >>>>
> >>> Assuming that my assessment of the failures is correct, my non-binding vote
> >>> is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
> >>
> >> Which JDK are you using? It looks like an IBM one. It has been a while
> >> since I tested things with an IBM JDK so some updates might be required.
> >>
> >
> > I am pretty sure that I've never installed the IBM JDK on any machine.
> > This one IIRC is from Oracle:
> >
> > $ javac -version
> > javac 1.8.0_181
> > $ java -version
> > java version "1.8.0_181"
> > Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
> > Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
> >
> > I will upgrade to u191 from Oracle and then test again.
> >
> >
> >> A FIPS enabled OpenSSL might also cause some failures as it might
> >> disable some ciphers.
> >>
> >
> > I am guessing by the version name of OpenSSL that FIPS is enabled:
> >
> > $ openssl version
> > OpenSSL 1.1.0i-fips  14 Aug 2018
>
> That is very odd as the only OpenSSL branch that is FIPS certified is
> 1.0.2.
>
> > $ uname -a
> > Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
> > x86_64 x86_64 x86_64 GNU/Linux
> >
> > Should I make a mental note that these are false positives or should we
> > pursue it further and update the test cases to remove ciphers that should
> > not be used?
>
> They look like false positives at this point.
>

Is it possible to mark some test cases as "Warnings" rather than "Errors"?
So that if they fail they will not fail the whole test?


> Now is probably a good time to complete the planned expansion of unit
> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
> versions.
>

I'd be happy to help if given some guidance

Best,

Igal


Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-03 Thread Mark Thomas
On 03/11/2018 16:20, Igal Sapir wrote:
> On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas  wrote:
> 
>> On 02/11/2018 22:39, Igal Sapir wrote:
>>
>> 
>>
>>> I am getting the same test case failures as before, so it doesn't look like
>>> a regression to me:
>>>    [concat] Testsuites with failed tests:
>>>    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
>>>    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt [2]
>>>
>>> (details below)
>>>
>>>
>>>> The proposed 9.0.13 release is:
>>>> [ ] Broken - do not release
>>>> [X] Stable - go ahead and release as 9.0.13
>>>>
>>>>
>>> Assuming that my assessment of the failures is correct, my non-binding vote
>>> is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
>>
>> Which JDK are you using? It looks like an IBM one. It has been a while
>> since I tested things with an IBM JDK so some updates might be required.
>>
> 
> I am pretty sure that I've never installed the IBM JDK on any machine.
> This one IIRC is from Oracle:
> 
> $ javac -version
> javac 1.8.0_181
> $ java -version
> java version "1.8.0_181"
> Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
> 
> I will upgrade to u191 from Oracle and then test again.
> 
> 
>> A FIPS enabled OpenSSL might also cause some failures as it might
>> disable some ciphers.
>>
> 
> I am guessing by the version name of OpenSSL that FIPS is enabled:
> 
> $ openssl version
> OpenSSL 1.1.0i-fips  14 Aug 2018

That is very odd as the only OpenSSL branch that is FIPS certified is 1.0.2.

> $ uname -a
> Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
> x86_64 x86_64 x86_64 GNU/Linux
> 
> Should I make a mental note that these are false positives or should we
> pursue it further and update the test cases to remove ciphers that should
> not be used?

They look like false positives at this point.

Now is probably a good time to complete the planned expansion of unit
tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
versions.

Mark




Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-03 Thread Igal Sapir
On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas  wrote:

> On 02/11/2018 22:39, Igal Sapir wrote:
>
> 
>
> > I am getting the same test case failures as before, so it doesn't look like
> > a regression to me:
> >    [concat] Testsuites with failed tests:
> >    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
> >    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt [2]
> >
> > (details below)
> >
> >
> >> The proposed 9.0.13 release is:
> >> [ ] Broken - do not release
> >> [X] Stable - go ahead and release as 9.0.13
> >>
> >>
> > Assuming that my assessment of the failures is correct, my non-binding vote
> > is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
>
> Which JDK are you using? It looks like an IBM one. It has been a while
> since I tested things with an IBM JDK so some updates might be required.
>

I am pretty sure that I've never installed the IBM JDK on any machine.
This one IIRC is from Oracle:

$ javac -version
javac 1.8.0_181
$ java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

I will upgrade to u191 from Oracle and then test again.


> A FIPS enabled OpenSSL might also cause some failures as it might
> disable some ciphers.
>

I am guessing by the version name of OpenSSL that FIPS is enabled:

$ openssl version
OpenSSL 1.1.0i-fips  14 Aug 2018

$ uname -a
Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux

Should I make a mental note that these are false positives or should we
pursue it further and update the test cases to remove ciphers that should
not be used?

Thanks,

Igal


Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-03 Thread Mark Thomas
On 02/11/2018 22:39, Igal Sapir wrote:



> I am getting the same test case failures as before, so it doesn't look like
> a regression to me:
>    [concat] Testsuites with failed tests:
>    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
>    [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt [2]
> 
> (details below)
> 
> 
>> The proposed 9.0.13 release is:
>> [ ] Broken - do not release
>> [X] Stable - go ahead and release as 9.0.13
>>
>>
> Assuming that my assessment of the failures is correct, my non-binding vote
> is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.

Which JDK are you using? It looks like an IBM one. It has been a while
since I tested things with an IBM JDK so some updates might be required.
A FIPS enabled OpenSSL might also cause some failures as it might
disable some ciphers.

Mark




Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-02 Thread Igal Sapir
On Fri, Nov 2, 2018 at 9:11 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
>
I am getting the same test case failures as before, so it doesn't look like
a regression to me:
   [concat] Testsuites with failed tests:
   [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
   [concat] TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt [2]

(details below)


> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13
>
>
Assuming that my assessment of the failures is correct, my non-binding vote
is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.

Igal

[1] Testsuite: org.apache.tomcat.util.net.openssl.ciphers.TestCipher
Tests run: 3, Failures: 2, Errors: 0, Skipped: 0, Time elapsed: 0.586 sec

Testcase: testNames took 0.077 sec
Testcase: testAllOpenSSLCiphersMapped took 0.304 sec
FAILED
No mapping found in IBM's JSSE implementation for
ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 when one was expected

junit.framework.AssertionFailedError: No mapping found in IBM's JSSE
implementation for ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 when one was expected

at
org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testAllOpenSSLCiphersMapped(TestCipher.java:65)

Testcase: testOpenSSLCipherAvailability took 0.063 sec
FAILED
ECDHE-ECDSA-DES-CBC3-SHA+TLSv1 PSK-3DES-EDE-CBC-SHA+SSLv3
SRP-DSS-3DES-EDE-CBC-SHA+SSLv3 DHE-PSK-3DES-EDE-CBC-SHA+SSLv3
DHE-RSA-DES-CBC3-SHA+SSLv3 RSA-PSK-3DES-EDE-CBC-SHA+SSLv3
DHE-DSS-DES-CBC3-SHA+SSLv3 ECDHE-RSA-DES-CBC3-SHA+TLSv1
AECDH-DES-CBC3-SHA+TLSv1 ADH-DES-CBC3-SHA+SSLv3
ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 SRP-3DES-EDE-CBC-SHA+SSLv3
DES-CBC3-SHA+SSLv3 SRP-RSA-3DES-EDE-CBC-SHA+SSLv3  expected:<0> but was:<14>
junit.framework.AssertionFailedError: ECDHE-ECDSA-DES-CBC3-SHA+TLSv1
PSK-3DES-EDE-CBC-SHA+SSLv3 SRP-DSS-3DES-EDE-CBC-SHA+SSLv3
DHE-PSK-3DES-EDE-CBC-SHA+SSLv3 DHE-RSA-DES-CBC3-SHA+SSLv3
RSA-PSK-3DES-EDE-CBC-SHA+SSLv3 DHE-DSS-DES-CBC3-SHA+SSLv3
ECDHE-RSA-DES-CBC3-SHA+TLSv1 AECDH-DES-CBC3-SHA+TLSv1
ADH-DES-CBC3-SHA+SSLv3 ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1
SRP-3DES-EDE-CBC-SHA+SSLv3 DES-CBC3-SHA+SSLv3
SRP-RSA-3DES-EDE-CBC-SHA+SSLv3  expected:<0> but was:<14>
at
org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:108)

[2] Testsuite:
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser
Tests run: 86, Failures: 33, Errors: 0, Skipped: 1, Time elapsed: 2.621 sec
- Standard Error -
Error in cipher list
139645700503360:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match:ssl/ssl_lib.c:2193:

Error in cipher list
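
Triage of the TestCipher failure text posted in this thread, as an added example that is not part of any message and not Tomcat project code: it groups the ciphers named in each FAILED message by bulk cipher and protocol, to show whether the failures share one pattern. The function names and the family table are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpt of the TestCipher report posted in this thread (stack traces and the
# repeated AssertionFailedError text omitted; mail line-wrapping kept).
REPORT = """\
Testcase: testNames took 0.077 sec
Testcase: testAllOpenSSLCiphersMapped took 0.304 sec
FAILED
No mapping found in IBM's JSSE implementation for
ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 when one was expected
Testcase: testOpenSSLCipherAvailability took 0.063 sec
FAILED
ECDHE-ECDSA-DES-CBC3-SHA+TLSv1 PSK-3DES-EDE-CBC-SHA+SSLv3
SRP-DSS-3DES-EDE-CBC-SHA+SSLv3 DHE-PSK-3DES-EDE-CBC-SHA+SSLv3
DHE-RSA-DES-CBC3-SHA+SSLv3 RSA-PSK-3DES-EDE-CBC-SHA+SSLv3
DHE-DSS-DES-CBC3-SHA+SSLv3 ECDHE-RSA-DES-CBC3-SHA+TLSv1
AECDH-DES-CBC3-SHA+TLSv1 ADH-DES-CBC3-SHA+SSLv3
ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 SRP-3DES-EDE-CBC-SHA+SSLv3
DES-CBC3-SHA+SSLv3 SRP-RSA-3DES-EDE-CBC-SHA+SSLv3  expected:<0> but was:<14>
"""

TESTCASE_RE = re.compile(r"^Testcase: (\w+) took [\d.]+ sec$", re.M)
# OpenSSL-style cipher name followed by "+<protocol>", the form the test prints.
CIPHER_RE = re.compile(r"\b([A-Z0-9]+(?:-[A-Z0-9]+)+)\+((?:SSL|TLS)v[0-9.]+)")
COUNT_RE = re.compile(r"expected:<(\d+)> but was:<(\d+)>")

# Substrings that identify the bulk cipher in an OpenSSL name (assumed table,
# checked in order; the first family with a matching marker wins).
BULK_MARKERS = (
    ("3DES", ("3DES-EDE", "DES-CBC3")),
    ("RC4", ("RC4",)),
    ("CHACHA20", ("CHACHA20",)),
    ("CAMELLIA", ("CAMELLIA",)),
    ("AES", ("AES",)),
    ("NULL", ("NULL",)),
)


def bulk_cipher(name):
    """Return the bulk-encryption family encoded in an OpenSSL cipher name."""
    for family, markers in BULK_MARKERS:
        if any(marker in name for marker in markers):
            return family
    return "other"


def failed_testcases(report):
    """Map each FAILED testcase in a JUnit plain-text report to its message."""
    parts = TESTCASE_RE.split(report)  # ['', name1, body1, name2, body2, ...]
    failed = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        body = body.strip()
        if body.startswith("FAILED"):
            failed[name] = body[len("FAILED"):].strip()
    return failed


def triage(report):
    """Summarise the ciphers named in every failed testcase."""
    result = {}
    for name, message in failed_testcases(report).items():
        # De-duplicate while keeping order: JUnit repeats the message text.
        ciphers = list(dict.fromkeys(CIPHER_RE.findall(message)))
        count = COUNT_RE.search(message)
        result[name] = {
            "ciphers": ciphers,
            "reported": int(count.group(2)) if count else None,
            "bulk": Counter(bulk_cipher(c) for c, _ in ciphers),
            "protocol": Counter(proto for _, proto in ciphers),
        }
    return result


if __name__ == "__main__":
    for testcase, info in triage(REPORT).items():
        print(testcase, dict(info["bulk"]), dict(info["protocol"]),
              "reported:", info["reported"])
```

For the excerpt above, every cipher named in both failures maps to the 3DES family, so the two failures follow a single pattern rather than being unrelated.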

Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-02 Thread Mark Thomas
On 02/11/2018 16:11, Mark Thomas wrote:
> The proposed Apache Tomcat 9.0.13 release is now available for voting.
> 
> The major changes compared to the 9.0.13 release are:
> 
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
> 
> - added support for encrypting cluster traffic
> 
> - added automatic reloading of tomcat-users.xml after a change
> 
> 
> Along with lots of other bug fixes and improvements.
> 
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
> 
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
> 
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13

Unit tests pass on Linux, Windows and MacOS for NIO, NIO2 and APR/native
with Tomcat Native 1.2.18 built with OpenSSL 1.1.1.

Mark




Re: [VOTE] Release Apache Tomcat 9.0.13

2018-11-02 Thread Rémy Maucherat
On Fri, Nov 2, 2018 at 5:11 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13
>

Looks fine to me. I'll wait until this is officially released before
adding any refactoring.

Rémy


[VOTE] Release Apache Tomcat 9.0.13

2018-11-02 Thread Mark Thomas
The proposed Apache Tomcat 9.0.13 release is now available for voting.

The major changes compared to the 9.0.13 release are:

- support for TLSv1.3 when used with a JRE or OpenSSL version that
  supports it

- added support for encrypting cluster traffic

- added automatic reloading of tomcat-users.xml after a change


Along with lots of other bug fixes and improvements.

For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1196/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/

The proposed 9.0.13 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.13
