RE: Tomcat SSL - Issue
Hello Christopher/Niranjan, Thankyou very much for the below information !!! The issue was with the Java version , we needs to upgrade the java version inorder to install the cert . Thankyou again for your support !!!. Thanks & Regards, Priyanka Kumawat | Middleware Admin T +91.7879364483 EMail - priyanka.kuma...@dxc.com DL - ams-leveraged-webadmin-offsh...@dxc.com DXC Technology -Original Message- From: Christopher Schultz Sent: 22 September 2021 02:53 To: users@tomcat.apache.org Subject: Re: Tomcat SSL - Issue Priyanka, On 9/21/21 13:52, Kumawat, Priyanka wrote: > Hello Team , > > Please find the error details as below - > > The site can't provide a secure connection . > > xmotam01.phl.com uses an unsupported protocol > > ERR_SSL_VERSION or CIPHER MISMATCH > > Unsupported protocol - The client and server don;t support a common > protocol version. Many versions of Java 1.7 do not support TLSv1.2. Try running this tool under your Java 1.7 environment for some good information: https://clicktime.symantec.com/3Sz9L481YBNoQcbTNkoLGRP7Vc?u=https%3A%2F%2Fgithub.com%2FChristopherSchultz%2Fssltest -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org DXC Technology Company -- This message is transmitted to you by or on behalf of DXC Technology Company or one of its affiliates. It is intended exclusively for the addressee. The substance of this message, along with any attachments, may contain proprietary, confidential or privileged information or information that is otherwise legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate any part of this message. If you have received this message in error, please destroy and delete all copies and notify the sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC Technology Company or any of its affiliates to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Getting SSLPeerUnverifiedException , when using httpclient-4.5.13
Hello, it looks like the SAN field of your certificate only contains the IP-address 10.106.206.143 but not the domain name parthise2.cisco.com. Chrome already switched in 2017 from the field "common name" to the field "subject alternative name", E.g. https://security.stackexchange.com/questions/172626/chrome-requires-san-names-in-certificate-when-will-other-browsers-ie-follow Best is to get a new certificate with a SAN field containing the domain name. Greetings, Thomas -Ursprüngliche Nachricht- Von: Parth Parikh -X (parparik - WIPRO LIMITED at Cisco) Gesendet: Dienstag, 28. September 2021 13:49 An: users@tomcat.apache.org Betreff: Getting SSLPeerUnverifiedException , when using httpclient-4.5.13 Hi, I am getting below exception error , when using httpclient-4.5.13 jar , javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [10.106.206.143] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at com.cisco.cpm.infrastructure.softwareupdates.http.HttpExecutor.executeGet(HttpExecutor.java:194) at com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.remoteServerStatus(CpmPatchUtil.java:1003) at com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.listPatchesFromAllNodes(CpmPatchUtil.java:551) at com.cisco.cpm.infrastructure.systemconfig.CpmPatchManagement.getInstalledPatches(CpmPatchManagement.java:90) at com.cisco.cpm.admin.infra.action.PatchInstallAction.loadGridData(PatchInstallAction.java:377) when I changed httpclient jar file from httpclient-4.5.13 to httpclient-4.4 . There is no exception error and code just works fine. Is there any better solution for this error? Will downgrading the version impact my application? Please guide me Thanks and Regards, Parth Parikh - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Getting SSLPeerUnverifiedException , when using httpclient-4.5.13
Hi, I am getting below exception error , when using httpclient-4.5.13 jar , javax.net.ssl.SSLPeerUnverifiedException: Certificate for doesn't match any of the subject alternative names: [10.106.206.143] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) at com.cisco.cpm.infrastructure.softwareupdates.http.HttpExecutor.executeGet(HttpExecutor.java:194) at com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.remoteServerStatus(CpmPatchUtil.java:1003) at com.cisco.cpm.infrastructure.systemconfig.CpmPatchUtil.listPatchesFromAllNodes(CpmPatchUtil.java:551) at com.cisco.cpm.infrastructure.systemconfig.CpmPatchManagement.getInstalledPatches(CpmPatchManagement.java:90) at com.cisco.cpm.admin.infra.action.PatchInstallAction.loadGridData(PatchInstallAction.java:377) when I changed httpclient jar file from httpclient-4.5.13 to httpclient-4.4 . There is no exception error and code just works fine. Is there any better solution for this error? Will downgrading the version impact my application? Please guide me Thanks and Regards, Parth Parikh
manager best practice
Hello, Are there any best practice notes for the manager app? eg, if include the app in webapps I get a context on my site, do I create a long name for the folder (the url) to hide it? eg folder called reallylongmanager1234567890 so I get http://xxx.site/reallylongmanager1234567890 Or is there a better way? Cheers Greg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 9.0 async read becomes blocking with chunked transfer-encoding
Mark, Thank you very much for the quick fix Andrew > On Sep 27, 2021, at 8:54 AM, Mark Thomas wrote: > > On 27/09/2021 15:55, Mark Thomas wrote: >>> On 27/09/2021 09:08, Goldengate liu wrote: >>> Hi Mark, >>> >>>I’m uploading some test files >> Thanks for the test case. I'm looking at this now. > > Bug found and fixed. > > One thing to note is that with chunked encoding it is possible for you to see > isReady() return true only for the subsequent read to return 0 bytes. This > happens when just (or only part of) the chunked header is available. > > The sample code you provided handled this correctly. > > The fix will be in the October release round. The release process for that > should hopefully start later today. > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org