strange issue we are experiencing when
trying to use Google APIs from a web application that is deployed on
Tomcat 9.0.83.
After a few hours of the server being up and running, all calls to the
Google APIs fail because of SSL handshake errors. Attaching the SSL logs
for your reference.
I see some differences in
s deployed on
> > Tomcat 9.0.83.
> >
> > After a few hours of the server being up and running, all calls to the
> > Google APIs fail because of SSL handshake errors. Attaching the SSL logs
> > for your reference.
> >
> > I see some differences in the ClientH
trace shows that
the failure is coming from your application code:
com.precisionsoftware.trax.service.translation.Transliterator
> After a few hours of the server being up and running, all calls to the Google
> APIs fail because of SSL handshake errors.
My quite limited experience with Google
3.
After a few hours of the server being up and running, all calls to the
Google APIs fail because of SSL handshake errors. Attaching the SSL logs
for your reference.
I see some differences in the ClientHello message. When the handshake
fails, all TLSv1.3 ciphers are ignored, there is no &
Hi,
> Hi,
>
> I am looking for help with a strange issue we are experiencing when trying
> to use Google APIs from a web application that is deployed on Tomcat
> 9.0.83.
>
> After a few hours of the server being up and running, all calls to the
> Google APIs fail because
Hi,
I am looking for help with a strange issue we are experiencing when trying
to use Google APIs from a web application that is deployed on Tomcat 9.0.83.
After a few hours of the server being up and running, all calls to the
Google APIs fail because of SSL handshake errors. Attaching the SSL
Jerry,
On 3/11/24 14:51, Jerry Lin wrote:
Hi Chris,
There is also this:
https://tomcat.apache.org/presentations.html#latest-lets-encrypt
It's very LE-focused, but it shows you how to programmatically trigger a
reload.
Thanks for your presentation and script. We are using Let's Encrypt, so
Hi Chris,
There is also this:
> https://tomcat.apache.org/presentations.html#latest-lets-encrypt
>
> It's very LE-focused, but it shows you how to programmatically trigger a
> reload.
>
Thanks for your presentation and script. We are using Let's Encrypt, so
your material is quite relevant.
Jerry,
On 3/10/24 16:00, Jerry Lin wrote:
Hi Chuck,
Presumably, you mean “not behind https", since “Apache” refers to the
organization that develops and maintains a plethora of software products.
Yes, “not behind https" (I meant not behind an Apache HTTP server)
you can configure the
> On Mar 10, 2024, at 15:00, Jerry Lin wrote:
>
> Hi Chuck,
>
> Presumably, you mean “not behind https", since “Apache” refers to the
>> organization that develops and maintains a plethora of software products.
>>
>
Spell checker got me - I meant “httpd”, not “https”.
- Chuck
Hi Chuck,
Presumably, you mean “not behind https", since “Apache” refers to the
> organization that develops and maintains a plethora of software products.
>
Yes, “not behind https" (I meant not behind an Apache HTTP server)
> you can configure the TLS config listener:
>
>
>
> On Mar 10, 2024, at 12:39, Jerry Lin wrote:
>
> For those of us with a publicly accessible instance of Tomcat (e.g. not
> behind Apache), is there a good way of having a renewed SSL/HTTPS
> certificate take effect without restarting Tomcat?
Presumably, you mean “not behin
how to reload SSL certificates without restarting Tomcat
Hello,
For those of us with a publicly accessible instance of Tomcat (e.g. not behind
Apache), is there a good way of having a renewed SSL/HTTPS certificate take
effect without restarting Tomcat?
Thank you,
Je
Hello,
For those of us with a publicly accessible instance of Tomcat (e.g. not
behind Apache), is there a good way of having a renewed SSL/HTTPS
certificate take effect without restarting Tomcat?
Thank you,
Jerry
On 23/02/2024 01:14, bigelytechnol...@yahoo.com wrote:
This spammer has been unsubscribed and banned from re-subscribing.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail:
, 2024 at 12:07 AM Simon Arame wrote:
> We have Tomcat 9.0.81 running under OpenJDK 1.8.0_402-b06
>
> Since the latest OpenJDK upgrade we get some errors when trying to perform
> SSL Operations like obtaining the bytes of an HTTPS url or sending an email
> through SMTP with T
Hello Simon,
> -Ursprüngliche Nachricht-
> Von: Simon Arame
> Gesendet: Donnerstag, 22. Februar 2024 18:06
> An: users@tomcat.apache.org
> Betreff: NoClassDefFoundError for SSL operations
>
> We have Tomcat 9.0.81 running under OpenJDK 1.8.0_402-b06
>
> Since
We have Tomcat 9.0.81 running under OpenJDK 1.8.0_402-b06
Since the latest OpenJDK upgrade we get some errors when trying to perform
SSL Operations like obtaining the bytes of an HTTPS url or sending an email
through SMTP with TLS on.
Note that with the same jdk, those operations succeed when
: Friday, October 13, 2023 1:04 PM
To: Tomcat Users List
Subject: Re: Tomcat 9.0.81 Degraded ssl performance
On Fri, Oct 13, 2023 at 9:25 AM Rathore, Rajendra wrote:
>
> Hi Team,
>
> Can you please share the release plan for 9.0.82 version, as we are planning
> to update i
s,
> Rajendra Rathore
> 9922701491
>
> -Original Message-
> From: i...@flyingfischer.ch
> Sent: Thursday, October 12, 2023 10:54 AM
> To: users@tomcat.apache.org
> Subject: Re: Tomcat 9.0.81 Degraded ssl performance
>
> Am 12.10.23 um 03:01 schri
9.0.81 Degraded ssl performance
Am 12.10.23 um 03:01 schrieb Paul Zepernick:
> Thank you Chuck
>
> Paul
>
> From: Chuck Caldarale
> Sent: Wednesday, October 11, 2023 8:54:59 PM
> To: Tomcat Users List
> Subject: Re: Tomcat 9.0.81
Am 12.10.23 um 03:01 schrieb Paul Zepernick:
Thank you Chuck
Paul
From: Chuck Caldarale
Sent: Wednesday, October 11, 2023 8:54:59 PM
To: Tomcat Users List
Subject: Re: Tomcat 9.0.81 Degraded ssl performance
NOTICE: This email originated from outside
Thank you Chuck
Paul
From: Chuck Caldarale
Sent: Wednesday, October 11, 2023 8:54:59 PM
To: Tomcat Users List
Subject: Re: Tomcat 9.0.81 Degraded ssl performance
NOTICE: This email originated from outside of the organization. Do not click
links or open
gt; 50-60 seconds. We were finally able to narrow the issue down to the SSL
> connector. Adding an HTTP connector and bypassing ssl resolves the
> performance issue. We have also tested rolling back to 9.0.80 with the same
> configuration and verified the issue does not exist.
>
Tomcat Version: 9.0.81
OS: Windows Server 2016
We recently patched one of our QA servers to test 9.0.81 and ran into
performance issues. Page loads that normally take 1-2 seconds are now taking
50-60 seconds. We were finally able to narrow the issue down to the SSL
connector. Adding an HTTP
Elavarasan,
On 10/6/23 06:32, Elavarasan Pugazhendi wrote:
Hi,
I have a pfx certificate and am trying to import it into a keystore before
configuring it within the tomcat but not able to add the pfx certificate. I
followed the below steps but wasn't able to add the certificate
Tomcat: 9.0.62
Hi,
I have a pfx certificate and am trying to import it into a keystore before
configuring it within the tomcat but not able to add the pfx certificate. I
followed the below steps but wasn't able to add the certificate
Tomcat: 9.0.62
OS: RHEL 8
1. keytool -genkey -alias tomcat.net -keyalg RSA
On 25/09/2023 10:50, Aniket Pachpute wrote:
Hi,
We are getting a timeout exception when POST request size is >8k and SSL is
enabled in the tomcat.
Below are the exception details:
org.apache.catalina.connector.Request.parseParameters Exception thrown
whilst processing POSTed paramet
Hi,
We are getting a timeout exception when POST request size is >8k and SSL is
enabled in the tomcat.
Below are the exception details:
org.apache.catalina.connector.Request.parseParameters Exception thrown
whilst processing POSTed parameters
org.apache.catalina.connector.ClientAbortExcept
Bill,
On 9/22/23 13:25, Bill wrote:
Hello All,
I may have started my SSL Cert install & config at step 2 instead of
step 1... :-(
Most mistakes are recoverable :)
Basically I have created my key store, my p12 file and have my cert all in
a sub directory of the conf directory.
Hello All,
I may have started my SSL Cert install & config at step 2 instead of
step 1... :-(
Basically I have created my key store, my p12 file and have my cert all in
a sub directory of the conf directory.
I have updated the server xml with my connectors per online directions.
Yet my
;hostName="example.com"
> honorCipherOrder="true"
> protocols="+TLSv1.2,+TLSv1.3"
> certificateVerification="required"
>
> truststoreFile="${catalina.base}/conf/ssl/cacerts.jks"
>
Kaushal,
please check the new configuration method with SSLHostConfig - your's is
probably from an older version, right? In the working version you already use
it.
see my (redacted) config:
truststoreFile="${catalina.base}/conf/ssl/cacert
Hi,
I am attaching both server.xml for one way SSL and Two Way SSL
One way SSL
/opt/tomcat10/conf/server.xml -> tomcat10serverworkingonewaytls.xml
(working)
Two way SSL /opt/tomcat10/conf/server.xml
-> tomcat10serverworkingtwowaytls.xml (Not working)
Please comment. Thanks in advance.
On Thu, Aug 10, 2023 at 11:29 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Kaushal,
>
> On 8/7/23 22:23, Kaushal Shriyan wrote:
> > Hi,
> >
> > I have gone through
> https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
> > Is
Kaushal,
On 8/7/23 22:23, Kaushal Shriyan wrote:
Hi,
I have gone through https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
10.0.27?
Please guide me.
Thanks in Advance.
I see you have "gone through&quo
Hi,
I have gone through https://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html.
Is there a way to enable two way SSL (mutual) in Apache Tomcat 10 Version
10.0.27?
Please guide me.
Thanks in Advance.
Best Regards,
Kaushal
-Original Message-
From: Mark Thomas
Sent: Thursday, August 3, 2023 2:14 PM
To: users@tomcat.apache.org
Subject: [External] Re: Using dedicated SSL handshake failure logger
On 03/08/2023 16:53, Amit Pande wrote:
> What am I missing in the logger configuration? Do we have to have the cons
On 03/08/2023 16:53, Amit Pande wrote:
What am I missing in the logger configuration? Do we have to have the console
handler configured?
Is CATALINA_HOME set correctly?
Do you see any log file at all in the expected location?
Mark
Hello all,
Facing an odd issue with logging the SSL handshake details:
I have this in my logging.properties:
handlers = 1catalina.org.apache.juli.AsyncFileHandler
.handlers = 1catalina.org.apache.juli.AsyncFileHandler
1catalina.org.apache.juli.AsyncFileHandler.level = FINE
Hi all.
Finally found out the issue.
And had nothing to do with tomcat.
There are two web applications under this particular instance of tomcat
Both of them contain an http client that issues https connections.
Application A sets explicitly the certificate store type to PKCS
Application B
Ivano,
On 6/27/23 09:15, Ivano Luberti wrote:
We had another Linux server that should have been identical to the one
where the problem was occuring. Tested the same software on that without
the issue.
So we cloned the latter and replaced the former.
>
Now everything works as expected.
Hi Chris, thank you for your dedication.
We had another Linux server that should have been identical to the one
where the problem was occuring. Tested the same software on that without
the issue.
So we cloned the latter and replaced the former.
Now everything works as expected.
Before the
Ivano,
On 6/8/23 06:10, Ivano Luberti wrote:
Hi, all I have the following problem.
[snip]
My guess is that looking at the code in this general area would be
helpful. If you are able to add debug logging in there to spoit-out some
of the crypto configuration being used, I'm sure it would
wrote:
My web application executes an SSL connection but fails with the
following exception
AxisFault: java.security.NoSuchAlgorithmException: Error
constructing implementation (algorithm: Default, provider: SunJSSE,
class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
That "algo
Ivano,
On 6/8/23 06:10, Ivano Luberti wrote:
My web application executes an SSL connection but fails with the
following exception
AxisFault: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class
by a
client written by me that the web application uses as a library) I
cannot understand where is the difference in using SSL by the two
clients (the one inside Tomcat and other running standalone).
Since I'm not expert in SSL matters I don't know how to search for
differences between the two
Hello Ivano,
> -Ursprüngliche Nachricht-
> Von: Ivano Luberti
> Gesendet: Donnerstag, 8. Juni 2023 12:10
> An: users@tomcat.apache.org
> Betreff: problem with SSL connection
> java.security.NoSuchAlgorithmException: Error constructing implementation
>
> Hi,
Hi, all I have the following problem.
My web application executes an SSL connection but fails with the
following exception
AxisFault: java.security.NoSuchAlgorithmException: Error constructing
implementation (algorithm: Default, provider: SunJSSE, class:
sun.security.ssl.SSLContextImpl
, for the help.
Ralph
> On Mar 21, 2023, at 6:38 AM, Ralph Grove wrote:
>
>>> I set up the server last year and installed the SSL certificate with no
>>> problem. This year, after the original certificate expired, I downloaded
>>> the new certificate provided by GoDaddy,
Ralph,
On 3/21/23 06:38, Ralph Grove wrote:
> [snip]
>
Alias name: tomcat
Creation date: Mar 21, 2023
Entry type: trustedCertEntry
You created a keystore with no keys.
Where is the key you used to generate the CSR? That key needs to be in
your keystore under the alias 'tomcat' alongside
> On Mar 21, 2023, at 4:25 AM, Mark Thomas wrote:
>
> On 21/03/2023 01:09, Ralph Grove wrote:
>> I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
>> server running Tomcat. Any suggestions for resolving it would be appreciated.
>> I
On 21/03/2023 01:09, Ralph Grove wrote:
I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
server running Tomcat. Any suggestions for resolving it would be appreciated.
I set up the server last year and installed the SSL certificate with no problem. This
year, after
helpful than I...sorry.
On Mon, Mar 20, 2023 at 9:14 PM Robert Turner wrote:
> I believe the default certificate alias used by Tomcat is "tomcat". I
> think you are creating your keystore with the alias "root".
>
> (see https://tomcat.apache.org/tomcat-9.0-doc/ssl
I believe the default certificate alias used by Tomcat is "tomcat". I think
you are creating your keystore with the alias "root".
(see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html for docs on
Tomcat SSL configuration -- adjust for the version you are running)
On Mo
I'm having a problem installing a new SSL certificate on a GoDaddy-hosted
server running Tomcat. Any suggestions for resolving it would be appreciated.
I set up the server last year and installed the SSL certificate with no
problem. This year, after the original certificate expired, I
gt; Are both, private and public key in the p12 file?
>> Can you check the contents with keytool?
>> Alternatively, you can also use pem files, they are more readable than
>> p12.
>>
>> Greetings, Thomas
>>
>> > -Ursprüngliche Nachricht-
>
of the issue?
On 3/18/23, Kevin Huntly wrote:
> Hello Everyone,
>
> I'm having an issue with my SSL connector:
>
>
> 18-Mar-2023 14:12:46.996 SEVERE [main]
> org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
> initialize component
> [Connect
vin Huntly
> Gesendet: Samstag, 18. März 2023 20:30
> An: Tomcat Users List
> Betreff: Re: SSL issue
>
> I was able to read the keystore with both openssl and keytool, but for some
> reason the private key within the pkcs#12 file had a different password than
> the
> keystone pa
etings, Thomas
>
> > -Ursprüngliche Nachricht-
> > Von: Kevin Huntly
> > Gesendet: Samstag, 18. März 2023 19:15
> > An: users@tomcat.apache.org
> > Betreff: SSL issue
> >
> > Hello Everyone,
> >
> &g
the contents with keytool?
Alternatively, you can also use pem files, they are more readable than p12.
Greetings, Thomas
> -Ursprüngliche Nachricht-
> Von: Kevin Huntly
> Gesendet: Samstag, 18. März 2023 19:15
> An: users@tomcat.apache.org
> Betreff: SSL issue
>
> Hel
Hello Everyone,
I'm having an issue with my SSL connector:
18-Mar-2023 14:12:46.996 SEVERE [main]
org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to
initialize component
[Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443
On 22/02/2023 19:59, James Boggs wrote:
Has anyone been able to complete a successful SSL Implementation on
Tomcat 9.0.69, Java 11, and Oracle ORDS 22.2?
We had SSL working with Tomcat 9.0.65, Java 8, and ORDS 21, on an Oracle
19c database with Oracle APEX 21 (on Windows Server 2012).
Now
Has anyone been able to complete a successful SSL Implementation on Tomcat
9.0.69, Java 11, and Oracle ORDS 22.2?
We had SSL working with Tomcat 9.0.65, Java 8, and ORDS 21, on an Oracle 19c
database with Oracle APEX 21 (on Windows Server 2012).
Now ORDS requires Java 11 which does not have
On 16/02/2023 16:44, jonmcalexan...@wellsfargo.com.INVALID wrote:
Hi Mark!
Thanks so much. Please provide the sample code. :-)
https://people.apache.org/~markt/dev/custom-certificate-debug-logs.txt
Enjoy.
Mark
-
To
3 8:09 AM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> On 15/02/2023 23:03, Mark Thomas wrote:
> > On 15/02/2023 22:56, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >> They also had this question.
> >>
> >>
On 15/02/2023 23:03, Mark Thomas wrote:
On 15/02/2023 22:56, jonmcalexan...@wellsfargo.com.INVALID wrote:
They also had this question.
There seems to be no need to print both TEXT and HEX representations,
like below (just HEX string should be fine):
KeyIdentifier [
: CD 35 CB AD 62 91 65
by reply e-mail and delete this message. Thank you for
your cooperation.
-Original Message-
From: Mark Thomas
Sent: Wednesday, February 15, 2023 4:48 PM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
On 15/02/2023 22:17, jonmcalexan
by reply e-mail and delete this message. Thank you for
your cooperation.
> -Original Message-
> From: jonmcalexan...@wellsfargo.com.INVALID
>
> Sent: Wednesday, February 15, 2023 4:57 PM
> To: users@tomcat.apache.org
> Subject: RE: Basic SSL Certificate Usage logging
received this message in error, please advise
the sender immediately by reply e-mail and delete this message. Thank you for
your cooperation.
> -Original Message-
> From: Mark Thomas
> Sent: Wednesday, February 15, 2023 4:48 PM
> To: users@tomcat.apache.org
> Subject
, February 15, 2023 2:17 PM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
On 10/02/2023 15:42, jonmcalexan...@wellsfargo.com.INVALID wrote:
Once again, Awesome Possum! You guys are the greatest!
How about this? (uses the simple toString() approach)
https
age-
> From: Mark Thomas
> Sent: Wednesday, February 15, 2023 2:17 PM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> On 10/02/2023 15:42, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Once again, Awesome Possum! You guys are the greatest!
3 2:17 PM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> On 10/02/2023 15:42, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Once again, Awesome Possum! You guys are the greatest!
>
> How about this? (uses the simple toString() approach)
>
On 10/02/2023 15:42, jonmcalexan...@wellsfargo.com.INVALID wrote:
Once again, Awesome Possum! You guys are the greatest!
How about this? (uses the simple toString() approach)
https://people.apache.org/~markt/dev/cert-log-example.txt
Enabled with:
t; To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> On 09/02/2023 19:49, Christopher Schultz wrote:
> > Jon,
> >
> > On 2/9/23 11:39, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >> My thinking is that the teams requ
@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
Hi Jon,
The current message looks like this:
09-Feb-2023 09:09:53.939 INFO [main]
org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector
[https-
jsse-nio-8443], TLS virtual host [_default_], certificate type [RSA
to
do. :)
-chris
-Original Message-
From: Mark Thomas
Sent: Thursday, February 9, 2023 3:24 AM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
Hi Jon,
The current message looks like this:
09-Feb-2023 09:09:53.939 INFO [main
t.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> Hi Jon,
>
> The current message looks like this:
>
> 09-Feb-2023 09:09:53.939 INFO [main]
> org.apache.tomcat.util.net.AbstractEndpoint.logCertificate Connector [https-
> jsse-nio-8443], TLS virtual
.
-Original Message-
From: Mark Thomas
Sent: Wednesday, February 8, 2023 10:37 AM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
On 08/02/2023 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote:
Hi Mark,
So, is this something that can/will be added in the future? I
gt; Subject: Re: Basic SSL Certificate Usage logging
>
> On 08/02/2023 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Hi Mark,
> >
> > So, is this something that can/will be added in the future? I tested my
> thought of setting the java logging.properties to a specifi
gt; Subject: Re: Basic SSL Certificate Usage logging
>
> On 08/02/2023 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Hi Mark,
> >
> > So, is this something that can/will be added in the future? I tested my
> thought of setting the java logging.properties to a specifi
rg
> Subject: Re: Basic SSL Certificate Usage logging
>
> On 08/02/2023 16:24, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Hi Mark,
> >
> > So, is this something that can/will be added in the future? I tested my
> thought of setting the java logging.propertie
@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
On 10/01/2023 13:52, Christopher Schultz wrote:
Jon,
On 1/9/23 18:17, jonmcalexan...@wellsfargo.com.INVALID wrote:
Yes Chris, It's just for during startup. For a particular instance I
would like to capture the Certificate Info and Truststore
and delete this message. Thank you for
your cooperation.
> -Original Message-
> From: Mark Thomas
> Sent: Tuesday, January 10, 2023 8:23 AM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> On 10/01/2023 13:52, Christopher S
: Tuesday, January 10, 2023 4:27 PM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> Jon,
>
> On 1/10/23 13:37, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Ultimately it would be nice to be able to log it in Jason format for
> > in
pe\":\"RSA\",
... }"
}
Isn't this what logstash is for?
-chris
-Original Message-----
From: Christopher Schultz
Sent: Tuesday, January 10, 2023 7:52 AM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
Jon,
On 1/9/23 18:17, jonmcalexan...@w
; From: Christopher Schultz
> Sent: Tuesday, January 10, 2023 7:52 AM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> Jon,
>
> On 1/9/23 18:17, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Yes Chris, It's just for during startup. For a par
t.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> On 10/01/2023 13:52, Christopher Schultz wrote:
> > Jon,
> >
> > On 1/9/23 18:17, jonmcalexan...@wellsfargo.com.INVALID wrote:
> >> Yes Chris, It's just for during startup. For a particular instance I
, 2023 8:10 AM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
Jon,
On 1/6/23 15:53, jonmcalexan...@wellsfargo.com.INVALID wrote:
Thanks for the info.
In a nutshell I think the certpath,provider would be sufficient. I'm
thinking that I can add this to the java options
, January 9, 2023 8:10 AM
To: users@tomcat.apache.org
Subject: Re: Basic SSL Certificate Usage logging
Jon,
On 1/6/23 15:53, jonmcalexan...@wellsfargo.com.INVALID wrote:
Thanks for the info.
In a nutshell I think the certpath,provider would be sufficient. I'm
thinking that I can add
Subject: Re: Basic SSL Certificate Usage logging
Jon,
On 1/6/23 15:53, jonmcalexan...@wellsfargo.com.INVALID wrote:
Thanks for the info.
In a nutshell I think the certpath,provider would be sufficient. I'm
thinking that I can add this to the java options as
-Djava.security.debug=ssl:certpath
. Thank you for
your cooperation.
> -Original Message-
> From: Christopher Schultz
> Sent: Monday, January 9, 2023 8:10 AM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificate Usage logging
>
> Jon,
>
> On 1/6/23 15:53, jonmcalexan...@wellsfargo.co
checking to see if there is any out-of-the-box option to
capture in a log which SSL certificate and trust keystore is being
used during startup?
What do you mean "during startup"? I originally read that as "for
incoming connections" thinking that you wanted to log
, please advise
the sender immediately by reply e-mail and delete this message. Thank you for
your cooperation.
> -Original Message-
> From: Christopher Schultz
> Sent: Friday, January 6, 2023 2:41 PM
> To: users@tomcat.apache.org
> Subject: Re: Basic SSL Certificat
...@wellsfargo.com.INVALID wrote:
Good afternoon and Happy New Year,
I know about the SSL debug logging, however, I'm checking to see if
there is any out-of-the-box option to capture in a log which SSL
certificate and trust keystore is being used during startup?
Thanks,
Dream * Excel * Explore * Inspire
Jon
:
Good afternoon and Happy New Year,
I know about the SSL debug logging, however, I'm checking to see if there is
any out-of-the-box option to capture in a log which SSL certificate and trust
keystore is being used during startup?
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior
Good afternoon and Happy New Year,
I know about the SSL debug logging, however, I'm checking to see if there is
any out-of-the-box option to capture in a log which SSL certificate and trust
keystore is being used during startup?
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Senior
> Now there is a single method. This should
> do what you need:
>
> SSLHostConfig[] sslHostConfigs = httpHandler.findSslHostConfigs();
>
> for (SSLHostConfig sslHostConfig : sslHostConfigs) {
> sslHostConfig.setHonorCipherOrder(true);
> }
That is even better now, thanks.
>
>
> Mark
On 06/12/2022 08:50, Torsten Krah wrote:
Hi,
using tomcat-embed 9.x I was able to customize my protocol handler like
this:
AbstractHttp11Protocol httpHandler = ((AbstractHttp11Protocol)
connector.getProtocolHandler());
httpHandler.setSSLHonorCipherOrder(true);
Hi,
using tomcat-embed 9.x I was able to customize my protocol handler like
this:
AbstractHttp11Protocol httpHandler = ((AbstractHttp11Protocol)
connector.getProtocolHandler());
httpHandler.setSSLHonorCipherOrder(true);
httpHandler.setUseServerCipherSuitesOrder(true);
Switched to 10.1.1 now
1 - 100 of 4634 matches
Mail list logo
