Re: tcnative CVE-2015-4000 (Logjam)

2015-06-12 Thread Rainer Jung
Am 12.06.2015 um 04:01 schrieb Christopher Schultz: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Arthur, On 6/11/15 4:34 PM, Arthur Ramsey wrote: On 06/11/2015 02:35 PM, Christopher Schultz wrote: Arthur, On 6/11/15 2:14 PM, Arthur Ramsey wrote: Is anyone aware of a way to mitigate the

Re: Apache Tomcat Multiple Vulnerabilities Prior To 7.0.50

2015-06-12 Thread Mark Thomas
On 12/06/2015 13:12, Kaggwa, John wrote: Hello, I would like some help with the issue listed below and how to configure it into my system. Upgrade to the latest stable 7.0.x release. Mark Name Apache Tomcat Multiple Vulnerabilities Prior To 7.0.50 Risk 4 Intrusive No

Re: tcnative CVE-2015-4000 (Logjam)

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Rainer, On 6/12/15 6:32 AM, Rainer Jung wrote: With existing 1.1.33 you can choose your cipher suite, so that non-DHE ciphers come first and set SSLHonorCipherOrder such that the client chooses the first matching cipher and DHE will likely not

failing final step to update ssl certificate for tomcat6

2015-06-12 Thread Dan Hyatt
I am trying to update my SSL certificate in tomcat. The webserver keeps sending the old expired certificate I am taking over from long gone admins with no config notes, but this should be straightforward. The certificate authority support suggests there might be another configuration..but

Apache Tomcat Multiple Vulnerabilities Prior To 7.0.50

2015-06-12 Thread Kaggwa, John
Hello, I would like some help with the issue listed below and how to configure it into my system. Name Apache Tomcat Multiple Vulnerabilities Prior To 7.0.50 Risk 4 Intrusive No Description Multiple vulnerabilities are present in some versions of Apache Tomcat. Observation Apache Tomcat is

Re: SSL on Tomcat 6

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Adriano, On 6/11/15 3:54 PM, Adriano Matos Meier wrote: Exactly! When I run keytool -list ..., the PrivateKeyEntry now has the fingerprint for SSL certificate. I believed that I had lost private key, and I would have to do it all again

RE: Apache Tomcat Multiple Vulnerabilities Prior To 7.0.50

2015-06-12 Thread Kaggwa, John
What is the correct way of installing it, because I had downloaded version apache-tomcat-8.0.23-windows-x64 All the best JOHN KAGGWA ASSISTANT IT MANAGER / W DOHA -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, June 12, 2015 3:50 PM To: Tomcat Users List

Re: General question about removeAbandoned property

2015-06-12 Thread Mark Thomas
On 12/06/2015 20:15, Balana, Vishal wrote: Hello, I am trying to find if removeAbandoned property set to True would lead to a connection being returned back to the pool and available to be borrowed again? If not, am I one connection less in the pool? Abandoned connections are removed from the pool. The

Re: Fwd: Apache Tomcat 7 -Parameters lost

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kartheek, On 6/12/15 12:32 PM, kartheek desineedi wrote: We are facing a weird issue where a similar configuration is yielding unexpected results for consecutive requests on Tomcat 7.0.54. We have enabled the request dumper filter on Tomcat 7

Re: Fwd: Apache Tomcat 7 -Parameters lost

2015-06-12 Thread André Warnier
kartheek desineedi wrote: Yes we upgraded to Apache Tomcat 7.0.62 but still the issue is persisting. Failed request filter did not filter out any params indicating that the parameters are not malformed. We are sending all the requests in the SAME manner while most of them succeed, few of them

General question about removeAbandoned property

2015-06-12 Thread Balana, Vishal
Hello, I am trying to find if removeAbandoned property set to True would lead to a connection being returned back to the pool and available to be borrowed again? If not, am I one connection less in the pool? Thanks, Vishal

RE: Fwd: Apache Tomcat 7 -Parameters lost

2015-06-12 Thread Caldarale, Charles R
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Fwd: Apache Tomcat 7 -Parameters lost Are you 100% sure that there is nothing in these requests which could prevent a correct parsing of these parameters ? And/or are you sure that when you compare the tcpdump log and the

Re: Fwd: Apache Tomcat 7 -Parameters lost

2015-06-12 Thread kartheek desineedi
Thanks for your response Christopher. Consecutive requests in the sense when 5 (for example) users send requests in the normal transaction flow, one of them fails. The logs at different layers of the request flow indicate that the parameters are being passed from the original request till the AJP

Re: Tomcat 8 DB Connection Pooling

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Douglas, In addition to what Filip posted... On 6/11/15 12:18 PM, Douglas Schaible wrote: Good Day All, I am having a problem with a connection pool and I was hoping for some guidance. I have defined the connection pool below for two

Re: TCP connections reuse

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andy, On 6/12/15 12:35 PM, Wang, Andy wrote: Could this be as simple as the default keepaliveTimeout = 2 (i.e. 20s) This could certainly be the issue. Maxim, what does the timing look like with these events? 1. First HTTP request made 2.

Re: Fwd: Apache Tomcat 7 -Parameters lost

2015-06-12 Thread kartheek desineedi
Yes we upgraded to Apache Tomcat 7.0.62 but still the issue is persisting. Failed request filter did not filter out any params indicating that the parameters are not malformed. We are sending all the requests in the SAME manner while most of them succeed, few of them fail. Which class in the

Re: Fwd: Apache Tomcat 7 -Parameters lost

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kartheek, On 6/12/15 4:41 PM, kartheek desineedi wrote: Yes we upgraded to Apache Tomcat 7.0.62 but still the issue is persisting. Failed request filter did not filter out any params indicating that the parameters are not malformed. We are

Re: Tomcat 8 DB Connection Pooling

2015-06-12 Thread Douglas Schaible
Hi Chris, I have the connection pool defined in /etc/tomcat8/context.xml. Is that the wrong place to define it? Is what is defined there being copied into each application? I underplayed some sample application and I am now seeing 10 times the number of apps being deployed DB connections.

Re: Apache Tomcat Multiple Vulnerabilities Prior To 7.0.50

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 6/12/15 8:56 AM, Kaggwa, John wrote: What is the correct way of installing it, because I had downloaded version apache-tomcat-8.0.23-windows-x64 Do you want to install Tomcat 7 (like the OP seems to want to do), or do you want to

Re: TCP connections reuse

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Maxim, On 6/12/15 1:53 AM, Maxim Neshcheret wrote: According to http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-keepalive.html connections in HTTP 1.1 http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-keepal

Re: TCP connections reuse

2015-06-12 Thread Andy Wang
Could this be as simple as the default keepaliveTimeout = 15000 (i.e. 15s) Andy On 06/12/2015 11:20 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Maxim, On 6/12/15 1:53 AM, Maxim Neshcheret wrote: According to

Fwd: Apache Tomcat 7 -Parameters lost

2015-06-12 Thread kartheek desineedi
Hi all, We are facing a weird issue where a similar configuration is yielding unexpected results for consecutive requests on Tomcat 7.0.54. We have enabled the request dumper filter on Tomcat 7 and it shows that consecutive requests are missing the parameters. Due to this our application is

RE: TCP connections reuse

2015-06-12 Thread Wang, Andy
Sorry, correction: default keepalivetimeout = connectionTimeout = 2 (20s) Andy From: Andy Wang [aw...@ptc.com] Sent: Friday, June 12, 2015 11:31 AM To: Tomcat Users List Subject: Re: TCP connections reuse Could this be as simple as the default

Re: failing final step to update ssl certificate for tomcat6

2015-06-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dan, On 6/12/15 8:37 AM, Dan Hyatt wrote: I am trying to update my SSL certificate in tomcat. The webserver keeps sending the old expired certificate I am taking over from long gone admins with no config notes, but this should be