Thanks for your support and suggestion, the client code will be distributed
to many clients as command line interface, so changing the JDK with 1.7
will take time and effort.
I found the way to set the SSL property in JDK6 and JDK5, after the below
changes code is working fine:
I don t think you will achieve what you want to via disabling SSL protocol
using sslEnabledProtocols.
The vulnerability I think it is due to vulnerability in ssl 3.0 issue.
will not stop access to the application.
You may want to revert your changes back, and check the firewall settings
or
Thank you, Mark!
On Tue, Jan 20, 2015 at 12:18 AM, Mark Thomas ma...@apache.org wrote:
On 16/01/2015 14:05, Leonid Rozenblyum wrote:
Hello Mark.
We do explicit forced expiration of http session in one of SSO enabled
apps (Application1 : session.invalidate() )
and it didn't cause session
Hi folks,
Recently my application cannot be accessible in browser with https version.
I think it is due to vulnerability in ssl 3.0 issue.
I checked my tomcat configuration and replaced sslProtocol=TLS with
sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2 to disable SSL 3.0.
Connector port=8080
Hello,
Please keep SSLEnabled=true along with your existing configuration
Connector...
enableLookups=true disableUploadTimeout=true
acceptCount=100 maxThreads=200 SSLEnabled=true scheme=https
secure=true
clientAuth=false sslProtocols = TLSv1,TLSv1.1,TLSv1.2 /
Rajesh
On
Please follow the Apache document for the connector configuration.
Here is the sample connector configuration
Connector port=7443 protocol=org.apache.coyote.http11.Http11Protocol
maxThreads=150 SSLEnabled=true scheme=https
secure=true
clientAuth=true
On 20/01/2015 08:10, Leonid Rozenblyum wrote:
Thank you, Mark!
I spent some time stepping through the code using a default Tomcat
install with the following changes:
- SSO Valve uncommented in server.xml
- test.jsp added to ROOT app that shows request.getUserPrincipal
- uncomment user
Thanks, Raj, Sanaullah and Dave.
I am not sure if it is POODLE issue(
http://wiki.apache.org/tomcat/Security/POODLE), this solution is the same
with Raj's suggestion.
I will try, thanks.
On Tue, Jan 20, 2015 at 5:43 PM, Utkarsh Dave utkarshkd...@gmail.com
wrote:
I don t think you will achieve
Hi,
After moving one of our web applications from Tomcat 7 to Tomcat 8 (latest
8.0.17) the time for deploying and initializing the webapp increased by a
factor of 30 (6s vs. 180s). Analyzing the problem we found out that it had to
do with a signed jar in the WEB-INF/lib of the webapp. It is a
Is there a better way than stopping tomcat, removing the webapps folders,
switching the new wars in, and restarting tomcat? To ensure that everything
is properly refreshed.
Or is this just something (unpackWARs, etc) that should work fine and it's
just something about our configuration/situation
2015-01-18 2:00 GMT+03:00 Sean Dawson seandawson2...@gmail.com:
Hello,
I mentioned in an previous question that newer releases of tomcat7
(Windows) seems to be unpacking our war files to webapps when it wasn't
doing that previously. We were running fine prior to this and have
encountered
Hi Konstantin,
thanks for your comprehensive answer. On the version I am using
(7.0.28.0), the file pulse-java.jar is not present (using linux command
updatedb and locate to check).
I found my solution from the following link...
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Matthew,
On 1/18/15 1:54 PM, Matthew Mah wrote:
I have setup a Tomcat server using spring-boot with SSL/TLS for
secure websockets.
Tomcat version? JVM version? Any relevant configuration?
This works for Android 4.4, iOS, Firefox, and Chrome
2015-01-20 17:33 GMT+03:00 Sean Dawson seandawson2...@gmail.com:
On Tue, Jan 20, 2015 at 8:41 AM, Konstantin Kolinko knst.koli...@gmail.com
wrote:
2015-01-18 2:00 GMT+03:00 Sean Dawson seandawson2...@gmail.com:
Hello,
I mentioned in an previous question that newer releases of tomcat7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Rajesh,
On 1/20/15 4:27 AM, Rajesh Biswas wrote:
Please keep SSLEnabled=true along with your existing
configuration
Connector... enableLookups=true disableUploadTimeout=true
acceptCount=100 maxThreads=200 SSLEnabled=true
scheme=https
On Tue, Jan 20, 2015 at 8:41 AM, Konstantin Kolinko knst.koli...@gmail.com
wrote:
2015-01-18 2:00 GMT+03:00 Sean Dawson seandawson2...@gmail.com:
Hello,
I mentioned in an previous question that newer releases of tomcat7
(Windows) seems to be unpacking our war files to webapps when it
2015-01-13 21:38 GMT+03:00 Théo Chamley theo...@mley.fr:
Hello,
I have setup a Tomcat cluster and I am now trying to get the FarmWarDeployer
to work.
However, it seems that the Deployer never checks my watchDir and therefore
never finds my new wars to deploy.
When starting Tomcat, the logs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jason,
On 1/20/15 4:17 AM, Jason Y wrote:
Recently my application cannot be accessible in browser with https
version. I think it is due to vulnerability in ssl 3.0 issue.
I checked my tomcat configuration and replaced sslProtocol=TLS
with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Théo,
On 1/19/15 3:59 PM, Théo Chamley wrote:
On 19 Jan 2015, at 20:16, Christopher Schultz
ch...@christopherschultz.net
mailto:ch...@christopherschultz.net wrote:
Signed PGP part Théo,
On 1/19/15 6:11 AM, Théo Chamley wrote:
On
On 2015-01-20 16:33, Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Théo,
On 1/19/15 3:59 PM, Théo Chamley wrote:
On 19 Jan 2015, at 20:16, Christopher Schultz
ch...@christopherschultz.net
mailto:ch...@christopherschultz.net wrote:
Signed PGP part Théo,
On
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: FarmWarDeployer not checking watchDir
So you can get a list of names, but you can't get any other
information about the files, like anything returned by stat().
Correct; stat() retrieves metadata that's stored in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Konstantin,
On 1/20/15 12:06 PM, Konstantin Kolinko wrote:
2015-01-13 21:38 GMT+03:00 Théo Chamley theo...@mley.fr:
Hello,
I have setup a Tomcat cluster and I am now trying to get the
FarmWarDeployer to work. However, it seems that the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Théo,
On 1/20/15 12:42 PM, Théo Chamley wrote:
Thanks, found my problem by adding even more debugging than you.
So, it came down to my watchDir being in 644 and not 755.
So, missing the execute bit?
Because of this, the war.exists() in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Théo,
On 1/20/15 5:53 PM, Théo Chamley wrote:
Yes, that’s it. A chmod +x on my watchDir fixed the problem (I knew
I was missing something silly…). As for Konstantin’s remark on the
path, I changed it before posting and made a mistake at this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Chuck,
On 1/20/15 6:10 PM, Caldarale, Charles R wrote:
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: FarmWarDeployer not checking watchDir
I'm actually really surprised that File.list() returns a list of
files
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: FarmWarDeployer not checking watchDir
I'm actually really surprised that File.list() returns a list of files
for the directory that does not have execute permissions.
That's per the POSIX standard: you only need
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Théo,
On 1/20/15 5:42 PM, Christopher Schultz wrote:
Théo,
On 1/20/15 12:42 PM, Théo Chamley wrote:
Thanks, found my problem by adding even more debugging than you.
So, it came down to my watchDir being in 644 and not 755.
So, missing the
its not necessary to have ciphers properties but if you want to restrict
the ciphers then you can use this property.
On Wed, Jan 21, 2015 at 6:53 AM, Jason Y day...@gmail.com wrote:
Thank you all. Now it is working fine.
Connector port=8443 protocol=org.apache.coyote.http11.Http11Protocol
On Tue, Jan 20, 2015 at 9:24 PM, Leo Donahue donahu...@gmail.com wrote:
On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas ma...@apache.org wrote:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.17.
- The RemoteAddrValve and RemoteHostValve can now optionally
Am 21.01.2015 um 04:24 schrieb Leo Donahue:
On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas ma...@apache.org wrote:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.17.
- The RemoteAddrValve and RemoteHostValve can now optionally include
the port when filtering
On Tue, Jan 20, 2015 at 5:09 PM, Mark Thomas ma...@apache.org wrote:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.17.
- The RemoteAddrValve and RemoteHostValve can now optionally include
the port when filtering along with a new option to trigger
Thank you all. Now it is working fine.
Connector port=8443 protocol=org.apache.coyote.http11.Http11Protocol
maxThreads=150 SSLEnabled=true scheme=https
secure=true
clientAuth=false sslProtocol=TLS
sslEnabledProtocols=TLSv1.2,TLSv1.1,TLSv1
On 20 Jan 2015, at 23:42, Christopher Schultz ch...@christopherschultz.net
wrote:
Signed PGP part
Théo,
On 1/20/15 12:42 PM, Théo Chamley wrote:
Thanks, found my problem by adding even more debugging than you.
So, it came down to my watchDir being in 644 and not 755.
So, missing
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.17.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
Apache Tomcat 8.0.17 includes numerous fixes for
Is there any way for stopping sessions to be created for each “first-time” GET
request to an ordinary page ? Because doesn't it seem redundant that even if
the developer is not using the session, the server will still create one ?
A real life popular website has millions of users at a time. So
On 21/01/2015 06:10, dku...@ccilindia.co.in wrote:
Dear All,
We have a client that is basically a JAVA desktop application that calls a
servlet which is hosted at Tomcat server.
The flow of request and response both are logged at the client as well as
the server end.( i.e each and
On 20/01/2015 11:01, Schulz-Hildebrandt, Ole wrote:
Hi,
After moving one of our web applications from Tomcat 7 to Tomcat 8
(latest 8.0.17) the time for deploying and initializing the webapp
increased by a factor of 30 (6s vs. 180s). Analyzing the problem we
found out that it had to do with
On 21/01/2015 06:04, sreya...@gmail.com wrote:
Is there any way for stopping sessions to be created for each
“first-time” GET request to an ordinary page ?
Don't create a session in that page. Tomcat doesn't create a session
unless the application asks for it.
Note:
- JSP pages create sessions
Dear All,
We have a client that is basically a JAVA desktop application that calls a
servlet which is hosted at Tomcat server.
The flow of request and response both are logged at the client as well as
the server end.( i.e each and every request and response is logged)
Now, the client sent a
Got another issue...Tomcat is working fine after restart but it cannot last
long.
Now I cannot access https pages with any browsers. I didn't find anything
useful in logs.
After a restart, it works well again.
Connector executor=tomcatThreadPool
port=8080 protocol=HTTP/1.1
40 matches
Mail list logo