Re: SSL connect to APR fails - bad version
Kobe wrote:
> I build tcnative and apr from src with exist ver of openssl
> (means openssl not built by me). I load apr connector in tomcat as below.
> When my client connects, I cannot connect: I get bad version.
> Please explain what I do wrong?
>
> server# ./apr-1-config --version
> 1.4.5
> server#
> server# openssl version
> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> server#
>
> /// APR Connector Configuration in Tomcat6
> <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            SSLCertificateFile="server_certificate.pem"
>            SSLCertificateChainFile="cachain.pem"
>            SSLCertificateKeyFile="server.key" />
>
> $ openssl s_client -connect server.xxx.net:443 -debug -ssl3
> CONNECTED(0003)
> write to 0x100119470 [0x100815e00] (95 bytes = 95 (0x5F))
> 0000 - 16 03 00 00 5a 01 00 00-56 03 00 4e b5 d4 3e 2d   Z...V..N..-
> 0010 - 57 eb 94 3c f8 0f a0 55-76 75 21 7c b3 f1 37 6f   W.Uvu!|..7o
> 0020 - 99 2b 68 7c 65 b7 c9 2c-f6 1f dd 00 00 2e 00 39   .+h|e..,...9
> 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5...3.2./
> 0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09
> 0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 02 01         ..
> 005f - SPACES/NULS
> read from 0x100119470 [0x100811400] (5 bytes = 5 (0x5))
> 0000 - 48 54 54 50 2f                                    HTTP/
> write to 0x100119470 [0x10081b800] (7 bytes = 7 (0x7))
> 0000 - 15 03 00 00 02 02 28                              ..(
> 44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:
> $

Hi.

I don't know if other members of this list will be as puzzled as I am, but it is not clear to me what you are trying to achieve.

I mean that Tomcat is in principle a web server, normally answering web browser requests (via HTTP or HTTPS). What are you trying to do when you access it with the above type of client, and what are you sending to Tomcat, and why?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: o Tomcat alter the page encoding for JSP file created via Netbeans 7.01
Thanks Konstantin, I will make the changes. Now I understand somewhat as to why some of the files were complaining of mismatched encoding.

On 11/6/2011 5:32 AM, Konstantin Kolinko wrote:
> 2011/11/5 Kiran Badiki...@poonam.org:
>> <%@page contentType="text/html" pageEncoding="UTF-8"%>
>
> The above contentType value does not include charset argument. Thus the
> actual content type in HTTP response will be
> text/html; charset=ISO-8859-1, which does not match with your HTML
> <meta> tag below.
>
>> <!DOCTYPE html>
>> <html>
>> <head>
>> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
>
> I'd recommend to use
>
> <meta http-equiv="Content-Type" content="<%=response.getContentType()%>">
>
> so that Content-Type HTTP header and the above <META> tag always have
> the same value.
>
> Best regards,
> Konstantin Kolinko

Re: SSL connect to APR fails - bad version
2011/11/6 Kobe r...@mailcity.com:
> I build tcnative and apr from src with exist ver of openssl
> (means openssl not built by me). I load apr connector in tomcat as below.
> When my client connects, I cannot connect: I get bad version.
> Please explain what I do wrong?
>
> server# ./apr-1-config --version
> 1.4.5
> server#
> server# openssl version
> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> server#
>
> /// APR Connector Configuration in Tomcat6
> <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            SSLCertificateFile="server_certificate.pem"
>            SSLCertificateChainFile="cachain.pem"
>            SSLCertificateKeyFile="server.key" />
>
> $ openssl s_client -connect server.xxx.net:443 -debug -ssl3
> 44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:

And what happens with

$ openssl s_client -connect server.xxx.net:443 -debug -tls1

?

What is on line 293 in s3_pkt.c in the version of openssl the client side of the connection is using?

My quick guess is that client & server cannot negotiate protocol version. There are some options on Connector that might be used to configure protocols & ciphers that are supported.

Note that
- There were several security fixes in OpenSSL since that version that you are using.
- You may try googling for your error message. It is mentioned a lot of times.
- You are not mentioning what version of Tomcat x.y.z you are using.
- There might be some messages in Tomcat log files. Does Tomcat start up cleanly?

Re: Andre's question: That is openssl in command-line client mode, as a test whether it can connect to the server.

Best regards,
Konstantin Kolinko

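Added example, not part of the original posts: the -debug dump in Kobe's first message shows s_client reading five bytes, 48 54 54 50 2f, just before the error. The Java class below (class and method names are made up here) reads five bytes as an SSL/TLS record header, the structure whose version field the "wrong version number" error refers to, and compares the bytes from the dump with a constructed handshake header.

```java
import java.nio.charset.StandardCharsets;

// Added example; FirstRecordCheck and classify are illustrative names.
public class FirstRecordCheck {

    /** Diagnose the first five bytes a server sends in reply to a ClientHello. */
    static String classify(byte[] h) {
        if (h.length < 5) {
            return "short read: no complete 5-byte record header";
        }
        int type = h[0] & 0xff;              // record content type
        int major = h[1] & 0xff;             // protocol version, major
        int minor = h[2] & 0xff;             // protocol version, minor
        int length = ((h[3] & 0xff) << 8) | (h[4] & 0xff);

        // Content types 20..23: change_cipher_spec, alert, handshake, application_data.
        if (type >= 20 && type <= 23 && major == 3) {
            return "record: type=" + type + " version=3." + minor + " length=" + length;
        }
        boolean printable = true;
        for (int i = 0; i < 5; i++) {
            int b = h[i] & 0xff;
            printable &= (b >= 0x20 && b <= 0x7e);
        }
        if (printable) {
            String text = new String(h, 0, 5, StandardCharsets.US_ASCII);
            return "cleartext \"" + text + "\": version field reads "
                    + major + "." + minor + " instead of 3.x";
        }
        return "neither an SSL/TLS record header nor printable text";
    }

    public static void main(String[] args) {
        // The five bytes read by s_client in the dump quoted in this thread.
        byte[] fromDump = {0x48, 0x54, 0x54, 0x50, 0x2f};
        // Constructed sample: SSL 3.0 handshake record header, 74-byte body.
        byte[] handshake = {0x16, 0x03, 0x00, 0x00, 0x4a};
        System.out.println(classify(fromDump));
        System.out.println(classify(handshake));
    }
}
```

A cleartext result on port 443 means the listener is not speaking SSL at all, so switching the client between -ssl3 and -tls1 does not change the outcome; on Tomcat 6 the Connector attribute that switches SSL on is SSLEnabled, which the configuration quoted in the thread does not set.
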
Re: Session expiration - browser -Web application
On 1:59 PM, Léa Massiot wrote:
> @Christopher : Thank you for your answer.
>
> Christopher wrote:
>> The new session created is completely empty. It has nothing to do
>> with the user going back in the history, etc.
>
> No, you are right. What I meant is that I was/am managing session
> expiration inside the Webapp (for instance if the user clicks a button
> which is inside the Webapp and if the session has expired, I redirect
> him to the log in page).
>
> Christopher wrote:
>> I always try to have enough information in the page (form) so that
>> resuming a workflow after a session timeout is a possibility.
>
> I'm sorry but I do not understand what you are explaining to me here...
>
> A SOLUTION... I THINK.
> I have found a solution, here it is: for all the JSPs which require a
> user to be identified (*), I add the following code:
>
> <%
> ASessionAttribute aSessionAttribute = null;
> HttpSession httpSession = null;
>
> httpSession = request.getSession();
> aSessionAttribute = (ASessionAttribute) httpSession.getAttribute("aSessionAttribute");
>
> if(aSessionAttribute == null)
> {
>     response.sendRedirect("the-log-in-page.jsp");
>     return; // stop rendering the rest of the page after the redirect
> }
> %>
>
> Then if a user presses the F5 key and if the session has expired, he is
> properly redirected to the log in page.
>
> Best regards,
> --
> Léa
>
> (*) That is to say, in my example, the aSessionAttribute object
> mustn't be null.

Hi, Léa-

Using a filter to do this might simplify the code a little.

-Terence Bandoian

Re: making security constraints configureable
2011/11/3 Leon Rosenberg rosenberg.l...@gmail.com:
> I have a situation where an application is accessible from outside in
> staging and production environment, but shouldn't be open for public
> in staging environment.

Put it behind Apache HTTPD (or any other proxy) and let HTTPD handle authentication & authorization instead of Tomcat.

I'd advise against using BASIC auth in public internet, unless the channel is protected with HTTPS.

> What we did so far was, that we excluded everyone via web.xml:

You can automate the above. If you pack your war file using Ant, you can use replaceregexp task.

Best regards,
Konstantin Kolinko