Re: RFE: read keystorePass from file

2015-04-15 Thread Jan Vávra
Hello, Hi, I'd like to suggest the addition of an option that would allow reading the keystore password (the password protecting the private key used by secure connectors) from file. for such things I use java define for tomcat process: -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=MyProp

Re: RFE: read keystorePass from file

2015-04-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Luca, On 4/15/15 5:40 PM, Luca Menegus wrote: > Hi Christopher (and Konstantin), > > took some time to reply as I wanted to test your suggestions: > > - "a parameterized server.xml that pulls the password [...]": If I > understood your hint corre

Re: Tomcat problem under Win2008

2015-04-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Germán, On 4/15/15 7:22 AM, Germán Biozzoli wrote: > We have been using a very well know instittutional repository app ( > DSpace 1.7x) for almost 2 years working over Windows 2008 / Tomcat > 6 wihout so many problems. After upgrading the platform

Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jason, On 4/15/15 12:05 PM, Jason Jesso wrote: > I have Tomcat 6.0.41 connector set-up with: > > SSLProtocol="TLSv1.1,TLSv1.2" > ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, > TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, > TLS_ECDHE_RSA_WITH_AES_256_C

Re: RFE: read keystorePass from file

2015-04-15 Thread Luca Menegus
Hi Christopher (and Konstantin), took some time to reply as I wanted to test your suggestions: - "a parameterized server.xml that pulls the password [...]": If I understood your hint correctly it boils down to passing secrets as JVM args (using -D or env vars). I do not think that would satis

Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread David kerber
On 4/15/2015 1:43 PM, Jason Jesso wrote: Actually my mistake, if I use Java 7 it seems I can't connect using openssl. It seems the secure connection does not even work when I point to Java7 . The TLS works when I used the Java 6, but I'm still stuck with the EXPORT ciphers. Ok, you have exh

RE: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread Jason Jesso
Actually my mistake, if I use Java 7 it seems I can't connect using openssl. It seems the secure connection does not even work when I point to Java7 . The TLS works when I used the Java 6, but I'm still stuck with the EXPORT ciphers. From: David kerber

Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread David kerber
On 4/15/2015 1:17 PM, Jason Jesso wrote: I am using Java 1.6 on AIX plaform. /usr/java6/bin/java -version java version "1.6.0" Java(TM) SE Runtime Environment (build pap3260sr15fp1-20140110_01(SR15 FP1)) IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc-32 jvmap3260sr15-20131231_180656 (JIT en

RE: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread Jason Jesso
I also have Java 7 on the same host and got the same result. From: Jason Jesso [jje...@global-matrix.com] Sent: Wednesday, April 15, 2015 1:17 PM To: Tomcat Users List Subject: RE: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK) I am using Java 1.6 on

RE: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread Jason Jesso
I am using Java 1.6 on AIX plaform. /usr/java6/bin/java -version java version "1.6.0" Java(TM) SE Runtime Environment (build pap3260sr15fp1-20140110_01(SR15 FP1)) IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 AIX ppc-32 jvmap3260sr15-20131231_180656 (JIT enabled, AOT enabled) J9VM - 20131231_180656

Tomcat and logging behavior

2015-04-15 Thread sigzero
I have a couple of questions I cannot find through the great Google. 1) Will Tomcat start up if it cannot write to its logs? 2) If in a running state and logs cannot grow, will Tomcat stop logging or will it overwrite its current open logs? Thanks, Bob

Re: TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread David kerber
On 4/15/2015 12:05 PM, Jason Jesso wrote: I have Tomcat 6.0.41 connector set-up with: SSLProtocol="TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256

TLS Server Accepts RSA_EXPORT Cipher Suites (FREAK)

2015-04-15 Thread Jason Jesso
I have Tomcat 6.0.41 connector set-up with: SSLProtocol="TLSv1.1,TLSv1.2" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA

Re: Performance question...

2015-04-15 Thread PerfGuru
Here is the bug reference I found:https://jira.spring.io/i#browse/SPR-11335 Regards,-Tony From: "Balana, Vishal" To: Tomcat Users List ; PerfGuru ; Jeffrey Janner Sent: Tuesday, April 14, 2015 8:19 AM Subject: RE: Performance question... Could you please share the reference/link to

Re: Tomcat 8 and Java 8

2015-04-15 Thread Greg Huber
Mark, >See > http://wiki.apache.org/tomcat/HowTo/FasterStartUp?highlight=%28entropy%29#Entropy_Source I tried adding -Djava.security.egd=file:/dev/./urandom and it made no difference. Btw the same setup i

Re: Tomcat 8 and Java 8

2015-04-15 Thread Greg Huber
Mark, Thanks for the reply. I am using Centos 6, not 7 sorry. (7 uses systemd!) > Did you use the packaged version of Tomcat or did you download a > distribution from the ASF? I am using one downloaded from ASF. >Those classes should be part of the examples web application. It is odd >that th

Re: Configuring Tomcat manager application upload limit

2015-04-15 Thread Mark Thomas
On 15/04/2015 05:28, Dominic Hargreaves wrote: > Hello, > > This is reposted from [1] and [2]; the Debian maintainers of the package > suggested I ask for advice here. > > I am running the Tomcat manager application via a Debian package > (tomcat8-admin), which deploys the webapp from > /usr/shar

Re: Tomcat 8 and Java 8

2015-04-15 Thread Mark Thomas
On 15/04/2015 03:28, Greg Huber wrote: > Hello, > > I am trying to upgrade my app to Tomcat 8 and Java 8 (1.8.0_40) on centos 7 Did you use the packaged version of Tomcat or did you download a distribution from the ASF? > I have a startup in /etc/rc.d/init.d script that uses the daemon eg: > >

Tomcat problem under Win2008

2015-04-15 Thread Germán Biozzoli
Hi everybody We have been using a very well know instittutional repository app ( DSpace 1.7x) for almost 2 years working over Windows 2008 / Tomcat 6 wihout so many problems. After upgrading the platform to DSpace 5.0 and deploy Tomcat 7.59 has appeared a problem that is very difficult to follow

Configuring Tomcat manager application upload limit

2015-04-15 Thread Dominic Hargreaves
Hello, This is reposted from [1] and [2]; the Debian maintainers of the package suggested I ask for advice here. I am running the Tomcat manager application via a Debian package (tomcat8-admin), which deploys the webapp from /usr/share/tomcat8-admin/manager. We ran into a problem hitting th maxi

Tomcat 8 and Java 8

2015-04-15 Thread Greg Huber
Hello, I am trying to upgrade my app to Tomcat 8 and Java 8 (1.8.0_40) on centos 7 I have a startup in /etc/rc.d/init.d script that uses the daemon eg: daemon --user $tomcatuser --pidfile=$pidfile $command start When I run the script using the command line it runs as expected, but when it runs