On 26.07.2016 12:22, Mark Thomas wrote:
On 26/07/2016 11:18, Robert Alsdorff wrote:
Hey folks,
during some tests I had several 403 Validation of CSRF security token
failed errors. Since it's only a testing system I'd like to disable
the CSRF checks but I don't find any information on how to do
Hi tomcat team,
Thanks for your continued support and help.
I am facing the a peculiar problem in Tomcat 7.0.54.
Configurations:
OS: RHEL
Tomcat:7.0.54
Java:1.7.79
A jsp that was running properly gave the following exception after graceful
tomcat restart
javax.servlet.ServletExceptio
HAHAHAHAHAHA
On Wed, Jul 27, 2016 at 7:06 PM, James H. H. Lampert <
jam...@touchtonecorp.com> wrote:
> Ladies and Gentlemen of both Lists:
>
> Does anybody in either the Tomcat List or the Java 400 List have
> experience running Tomcat 8 on an IBM Midrange box?
>
> And (just for the Java 400 list
Ladies and Gentlemen of both Lists:
Does anybody in either the Tomcat List or the Java 400 List have
experience running Tomcat 8 on an IBM Midrange box?
And (just for the Java 400 list) does anybody know if there's a way to
run Java 7 on a V6 box (specifically, an E4A running V6R1M0) without
On 7/27/16, 11:59 AM, Mark Thomas wrote:
Note since you are on Java 6 you can't force the server preference order
on the client. You might want to drop the 128 bit version.
Thanks. That brings our own server up from an "F" rating on SSLLABS.COM
to a "C."
--
JHHL
On 27/07/2016 19:05, James H. H. Lampert wrote:
> On 7/27/16, 9:20 AM, Mark Thomas wrote:
>> Note the results on the Wiki are the defaults with 7.0.69 which will be
>> better than the defaults for 7.0.67. You should be able to achieve the
>> same results with 7.0.67 by specifying specific ciphers.
On 7/27/16, 9:20 AM, Mark Thomas wrote:
Note the results on the Wiki are the defaults with 7.0.69 which will be
better than the defaults for 7.0.67. You should be able to achieve the
same results with 7.0.67 by specifying specific ciphers.
I just entered, compiled, and ran the Java test program
On 7/27/16, 9:20 AM, Mark Thomas wrote:
Take a look at this:
http://wiki.apache.org/tomcat/Security/Ciphers
I've done some further research, and according to cve.mitre.org,
CVE-2015-0204 appears to be very specific to OpenSSL. CVE-2015-4000, on
the other hand, appears to be a problem.
Tomc
On 27/07/2016 17:01, James H. H. Lampert wrote:
> I was just forwarded a vulnerability report from one of our customers,
> who is on 7.0.67 (as are we), with Java SSL, not OpenSSL (again, as are
> we). The gist of it is below.
>
>> SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) (CVE-2015-400
Peter,
Depending at which slot you plug in BC in the Security context it might or it
might not get used depending on the cipher suites used by you SSL connection.
JSSE will ask Java for crypto implementation from the list of JCE providers and
if your BC is high on the list, it will get used. It
I was just forwarded a vulnerability report from one of our customers,
who is on 7.0.67 (as are we), with Java SSL, not OpenSSL (again, as are
we). The gist of it is below.
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) (CVE-2015-4000)
SSL/TLS EXPORT_RSA <= 512-bit Cipher Suites Suppo
Any pointers here, experts ?
On 26/07/16 2:29 pm, "Amit Pande" wrote:
>
>In Tomcat (7.x+), there is a provision to hook in a custom implementation
>for trust manager by mentioning class name in connector's
>trustManagerClassName attribute.
>
>https://bz.apache.org/bugzilla/show_bug.cgi?id=48208
12 matches
Mail list logo