Re: Tomcat 7 and APR connector parameters
On 21/09/2015 7:47 PM, "Mark Thomas" wrote: > > On 21/09/2015 10:45, Igor Cicimov wrote: > > On Mon, Sep 21, 2015 at 6:21 PM, Mark Thomas wrote: > > > >> On 21/09/2015 08:37, Igor Cicimov wrote: > >>> Hi all, > >>> > >>> After enabling the APR/Native connector I can see the following warning > >>> messages upon tomcat restart: > >>> > >>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting > >> property > >>> 'SSLDisableCompression' to 'true' did not find a matching property. > >>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting > >> property > >>> 'SSLHonorCipherOrder' to 'true' did not find a matching property. > >>> > >>> although I can see those options available in the documentation: > >>> > >> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native > >> > >> You are looking at the docs for 7.0.64 but running 7.0.26. > >> > >> You need to use a more recent Tomcat 7.0.x release if you want to use > >> those features. > >> > >> Mark > >> > > > > Thanks Mark for confirming. Is it possible to specify this in the > > documentation like which feature is available since which release? > > That is (usually) in the change log. > > Each release ships with docs appropriate to that release. The website > always has the docs for the latest release. > > Mark > True but that means if I was interested in finding when was a feature introduced in tomcat 7 lets say I need to read dozens (depends on how lucky I am and when and where I start reading from) of change logs right? It would be helpful if the latest tomcat docs include something like: 'SSLHonorCipherOrder' | some description (available since tomcat 7.0.x) I see this on many other web sites for various products and I personally find this very useful and user friendly. Thanks, Igor
RE: Tomcat Connection Security
> From: Diego Maciel Gomes [mailto:diego_...@hotmail.com] > Subject: Tomcat Connection Security > I have Tomcat and Weblogic here. > I have an Oracle Database here. > My tomcat and weblogic connect into my oracle database. > For tomcat, in the context.xml file, we can see the username and password of > the connection. > For weblogic, it is configured different, like encrypted. Probably not really. > So, is there any way to protect this configuration/file for Tomcat? Read this: http://wiki.apache.org/tomcat/FAQ/Password - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Connection Security
Hello guys! I need your help regarding tomcat connection configuration to a database, so please! I have Tomcat and Weblogic here. I have an Oracle Database here. My tomcat and weblogic connect into my oracle database. For tomcat, in the context.xml file, we can see the username and password of the connection. For weblogic, it is configured different, like encrypted. So, is there any way to protect this configuration/file for Tomcat? Thanks, Diego
Re: Tomcat 7 and APR connector parameters
On 21/09/2015 10:45, Igor Cicimov wrote: > On Mon, Sep 21, 2015 at 6:21 PM, Mark Thomas wrote: > >> On 21/09/2015 08:37, Igor Cicimov wrote: >>> Hi all, >>> >>> After enabling the APR/Native connector I can see the following warning >>> messages upon tomcat restart: >>> >>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting >> property >>> 'SSLDisableCompression' to 'true' did not find a matching property. >>> WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting >> property >>> 'SSLHonorCipherOrder' to 'true' did not find a matching property. >>> >>> although I can see those options available in the documentation: >>> >> https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native >> >> You are looking at the docs for 7.0.64 but running 7.0.26. >> >> You need to use a more recent Tomcat 7.0.x release if you want to use >> those features. >> >> Mark >> > > Thanks Mark for confirming. Is it possible to specify this in the > documentation like which feature is available since which release? That is (usually) in the change log. Each release ships with docs appropriate to that release. The website always has the docs for the latest release. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 and APR connector parameters
On Mon, Sep 21, 2015 at 6:21 PM, Mark Thomas wrote: > On 21/09/2015 08:37, Igor Cicimov wrote: > > Hi all, > > > > After enabling the APR/Native connector I can see the following warning > > messages upon tomcat restart: > > > > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting > property > > 'SSLDisableCompression' to 'true' did not find a matching property. > > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting > property > > 'SSLHonorCipherOrder' to 'true' did not find a matching property. > > > > although I can see those options available in the documentation: > > > https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native > > You are looking at the docs for 7.0.64 but running 7.0.26. > > You need to use a more recent Tomcat 7.0.x release if you want to use > those features. > > Mark > Thanks Mark for confirming. Is it possible to specify this in the documentation like which feature is available since which release? Apologises if this has already been done and I have missed it somehow. Thanks again. Igor
Re: Tomcat 7 and APR connector parameters
On 21/09/2015 08:37, Igor Cicimov wrote: > Hi all, > > After enabling the APR/Native connector I can see the following warning > messages upon tomcat restart: > > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'SSLDisableCompression' to 'true' did not find a matching property. > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'SSLHonorCipherOrder' to 'true' did not find a matching property. > > although I can see those options available in the documentation: > https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native You are looking at the docs for 7.0.64 but running 7.0.26. You need to use a more recent Tomcat 7.0.x release if you want to use those features. Mark > > The relevant config in server.xml: > >SSLEngine="on" /> > > scheme="https" secure="true" SSLEnabled="true" >SSLDisableCompression="true" >SSLProtocol="all" >SSLHonorCipherOrder="true" >SSLCipherSuite="EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM > EECDH+ECDSA+SHA384 >EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 > EECDH+aRSA+RC4 >EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP > !DSS !RC4" >SSLCertificateChainFile="${catalina.base}/conf/cachain.pem" >SSLCertificateFile="${catalina.base}/conf/star.pem" >SSLCertificateKeyFile="${catalina.base}/conf/star_key.pem" /> > > Am I missing something or am I maybe hitting some limitation related to > tomcat/apr/tcnative version? > > > OS: Ubuntu 12.04.5 LTS > Tomcat: 7.0.26 (Ubuntu repository) > openssl: 1.0.1-4ubuntu5.31 > libtcnative-1: 1.1.22-1build1 > > Thanks, > Igor > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 and APR connector parameters
Hi Igro, I think you need to add the protocol attribute in the connector configuration so that it will load the connector with APR protocol="org.apache.coyote.http11.Http11AprProtocol" If the PATH (Windows) or LD_LIBRARY_PATH (on most unix systems) environment variables contain the Tomcat native library, the APR/native connector will be used. If the native library cannot be found, the blocking Java based connector will be used. Note that the APR/native connector has different settings for HTTPS than the Java connectors. you can verify the protocol attribute document here [1] https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support Regards, Sanaullah On Mon, Sep 21, 2015 at 12:37 PM, Igor Cicimov wrote: > Hi all, > > After enabling the APR/Native connector I can see the following warning > messages upon tomcat restart: > > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'SSLDisableCompression' to 'true' did not find a matching property. > WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property > 'SSLHonorCipherOrder' to 'true' did not find a matching property. > > although I can see those options available in the documentation: > > https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native > > The relevant config in server.xml: > >SSLEngine="on" /> > > scheme="https" secure="true" SSLEnabled="true" >SSLDisableCompression="true" >SSLProtocol="all" >SSLHonorCipherOrder="true" >SSLCipherSuite="EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM > EECDH+ECDSA+SHA384 >EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 > EECDH+aRSA+RC4 >EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP > !DSS !RC4" >SSLCertificateChainFile="${catalina.base}/conf/cachain.pem" >SSLCertificateFile="${catalina.base}/conf/star.pem" >SSLCertificateKeyFile="${catalina.base}/conf/star_key.pem" /> > > Am I missing something or am I maybe hitting some limitation related to > tomcat/apr/tcnative version? > > > OS: Ubuntu 12.04.5 LTS > Tomcat: 7.0.26 (Ubuntu repository) > openssl: 1.0.1-4ubuntu5.31 > libtcnative-1: 1.1.22-1build1 > > Thanks, > Igor >
Tomcat 7 and APR connector parameters
Hi all, After enabling the APR/Native connector I can see the following warning messages upon tomcat restart: WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLDisableCompression' to 'true' did not find a matching property. WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'SSLHonorCipherOrder' to 'true' did not find a matching property. although I can see those options available in the documentation: https://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native The relevant config in server.xml: Am I missing something or am I maybe hitting some limitation related to tomcat/apr/tcnative version? OS: Ubuntu 12.04.5 LTS Tomcat: 7.0.26 (Ubuntu repository) openssl: 1.0.1-4ubuntu5.31 libtcnative-1: 1.1.22-1build1 Thanks, Igor