Re: OutOfMemoryError: PermGen space

Cris: Couple of things here. First, you can use in any Java 6 Update 45 and above the Java Visual VM, to monitor in real time the memory utilization done by the Java virtual machine. This will show you both the Help and Perm Gen memory graphs. You can find this tool in the bin directory of any

Re: Tomcat FREAK Issue

Hello Chris, We are using Tomcat version: 6.0.36.0 JRE 1.6.0 Do you think I need to change the settings to the following: Really look forward to your expertise on this. Thank you On Thu, Jul 14, 2016 at 7:07 PM, Christopher Schultz < ch...@christopherschultz.net>

Re: Facing issue while configuring SSL

Dear all: The issue was solved, it was compounded by several factors, once full path to the certificates was used. The SSL Certificate was created using the wrong FQDN, which meant that the hostname to IP address resolution done by the browser was failing. The telnet command was done using the

Re: Tomcat FREAK Issue

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Uzair, On 7/14/16 10:12 AM, uzair rashid wrote: > Running Tomcat 6.x Which one exactly? > and every week during vulnerability scans we are having the > following results: > > Vulnerability References: > > SSL/TLS Server Factoring RSA Export Keys

Re: How do I start and stop just the tomcat admin application from a command line?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul, On 7/14/16 12:43 PM, Paul Roubekas wrote: > How do I start and stop just the tomcat admin application from a > command line? I had someone try to guess the password to my > Tomee-Plume server last night. Thankfully I changed the default >

Re: question on Java / Tomcat / GC

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, On 7/14/16 5:37 PM, David Kerber wrote: > On 7/14/2016 1:41 PM, André Warnier (tomcat) wrote: >> Hi Java GC gurus. >> >> I am coming for a bit of expert advice, not for a problem. >> >> At some customer site, some applications appear to

Re: SSL/TLS and ciphers vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 7/14/16 4:14 PM, Mark Thomas wrote: > On 14/07/2016 19:36, uzair rashid wrote: >> Jeffrey, >> >> Working for a corporation that has strict ssl and security >> requirements.. There is no way to use the tools you suggested, >> since the

Re: java

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ambica, On 7/14/16 4:31 PM, Sanka, Ambica wrote: > Does anyone facing issues with security from jdk1.8.0_51 onwards? > We wrote a Valve in tomcat that connects to our ldap and gets user > roles and groups. We connect ldap through ssl certificate. Our

Re: A complex issue concerning the application lifecycle, MBeans and Spring

On 14.07.2016 22:09, Mark Thomas wrote: > On 14/07/2016 21:14, Mark Thomas wrote: >> On 14/07/2016 09:26, Jäkel, Guido wrote: > > > >>> So maybe there should be a special code path in case of an ongoing >>> initialization on the top like the 'if(unloading)' clause. The note states, >>> that

Re: question on Java / Tomcat / GC

On 7/14/2016 1:41 PM, André Warnier (tomcat) wrote: Hi Java GC gurus. I am coming for a bit of expert advice, not for a problem. At some customer site, some applications appear to react somewhat slowly sometimes, although these are not very heavy applications, and traffic on the site is also

Re: SSL inconsistency

On 14/07/2016 15:09, i...@flyingfischer.ch wrote: > While testing locally the new 8.5 branch, I did experience some > inconsistency with self-sigend SSL certs. I did manage to resolve them > by installing Tomcat-Native library / APR, but maybe it is still worth > reporting in regard of the

java

Hi, Does anyone facing issues with security from jdk1.8.0_51 onwards? We wrote a Valve in tomcat that connects to our ldap and gets user roles and groups. We connect ldap through ssl certificate. Our ldap ssl Certificate is working fine till jdk1.8.0_45. From jdk1.8.0_51 , our applications

Re: SSL/TLS and ciphers vulnerability

On 14/07/2016 19:36, uzair rashid wrote: > Jeffrey, > > Working for a corporation that has strict ssl and security requirements.. > There is no way to use the tools you suggested, since the tomcat URLs are > not exposed. That doesn't stop you setting up a stand-alone test instance using the same

Re: A complex issue concerning the application lifecycle, MBeans and Spring

On 14/07/2016 21:14, Mark Thomas wrote: > On 14/07/2016 09:26, Jäkel, Guido wrote: >> So maybe there should be a special code path in case of an ongoing >> initialization on the top like the 'if(unloading)' clause. The note states, >> that one can't decide if a Servlet implements

Re: question on Java / Tomcat / GC

On Thu, Jul 14, 2016 at 9:15 PM, Anthony Biacco wrote: > On Thu, Jul 14, 2016 at 11:41 AM, André Warnier (tomcat) > wrote: > > > > Well, i'm not a GC expert by any stretch of the imagination, but i think > with your PrintGC options the "GC (System.gc())" and

Re: A complex issue concerning the application lifecycle, MBeans and Spring

On 14/07/2016 09:26, Jäkel, Guido wrote: > Hi Mark, > > OK - as a newbie I read this from the stack trace: ... > >> 20160713-161427.340 ERROR [catalina-exec-64] [] [[/]] >> StandardWrapper.Throwable >> [...] >>at >>

Re: question on Java / Tomcat / GC

On 14/07/2016 20:15, Anthony Biacco wrote: > Since they're consistent at every hour, the application may be calling the > System.gc That sounds like this bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=53267 Mark - To

Re: OutOfMemoryError: PermGen space

On 14/07/2016 20:26, Berneburg, Cris J. - US wrote: > Hi Folks > > I got this error from the Tomcat Web Application Manager after having stopped > and started one of the applications multiple times. (This was after > repeatedly deploying the application manually to attempt to find a bug that I

Re: [ANN] Apache Tomcat 8.5.4 available

On 14/07/2016 11:40, Johan Compagner wrote: >> >> >> This is the first stable release of the 8.5.x branch. Tomcat 8.x users >> should now use 8.5.x releases in preference to 8.0.x releases. >> >> > i thought 8.5.3 was the first stable release ;) Yep. My bad. Copy/paste error trying to do stuff

OutOfMemoryError: PermGen space

Hi Folks I got this error from the Tomcat Web Application Manager after having stopped and started one of the applications multiple times. (This was after repeatedly deploying the application manually to attempt to find a bug that I could not reproduce in my IDE.) Once the error occurred,

Re: question on Java / Tomcat / GC

On Thu, Jul 14, 2016 at 11:41 AM, André Warnier (tomcat) wrote: > Hi Java GC gurus. > > I am coming for a bit of expert advice, not for a problem. > > At some customer site, some applications appear to react somewhat slowly > sometimes, although these are not very heavy

ApacheCon Europe call for papers open

Dear Apache Enthusiast, As you are no doubt already aware, we will be holding ApacheCon in Seville, Spain, the week of November 14th, 2016. The call for papers (CFP) for this event is now open, and will remain open until September 9th. The event is divided into two parts, each with its own CFP.

Re: Apache server as forward and reverse proxy

On Thu, Jul 14, 2016 at 3:21 AM, Mohanavelu Subramanian wrote: > Hi All, > > I know this group is for tomcat related queries. > I have some query related to apache server, if someone have an idea about > this, I request you to please share. > > You should ask your questions on

Re: SSL/TLS and ciphers vulnerability

Jeffrey, Working for a corporation that has strict ssl and security requirements.. There is no way to use the tools you suggested, since the tomcat URLs are not exposed. On Thu, Jul 14, 2016 at 8:41 AM, Jeffrey Janner wrote: > Hi folks, > > I've been off the list

question on Java / Tomcat / GC

Hi Java GC gurus. I am coming for a bit of expert advice, not for a problem. At some customer site, some applications appear to react somewhat slowly sometimes, although these are not very heavy applications, and traffic on the site is also not very high. Amog several other things I'm

How do I start and stop just the tomcat admin application from a command line?

How do I start and stop just the tomcat admin application from a command line? I had someone try to guess the password to my Tomee-Plume server last night. Thankfully I changed the default password and the hacker only tried twice. I want to be able to keep the admin application closed most of

Re: [OT] mod-jk + ssl: requests are not forward to tomcat correctly

On Wed, Jul 13, 2016 at 8:44 AM, André Warnier (tomcat) wrote: > On 13.07.2016 16:34, Anthony Biacco wrote: > >> On Mon, Jul 11, 2016 at 5:39 PM, Wayne Li wrote: >> >> Probably the quickest : download these files, install them on your >>> server, and

SSL/TLS and ciphers vulnerability

Hi folks, I've been off the list for a bit, getting ducks in a row here and everything. I noticed a number of posts about SSL & TLS security settings lately and I wanted to point out that maintaining your SSL configurations is an on-going processes. New exploits are discovered and released

Re: Need help setting up SSL on Tomcat 8

On Thu, Jul 14, 2016 at 8:15 AM, Ognjen Blagojevic < ognjen.d.blagoje...@gmail.com> wrote: > Sean, > > On 13.7.2016 21:56, Sean Son wrote: > >> Thank you for your answer guys. Is there anywhere in the Tomcat config >> files that I would need to specify the DNS name? Like in Apache we >> would

Tomcat FREAK Issue

Hello Experts: Running Tomcat 6.x and every week during vulnerability scans we are having the following results: Vulnerability References: SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability Impact: Exploitation allows an attacker to bypass security restrictions on the

SSL inconsistency

While testing locally the new 8.5 branch, I did experience some inconsistency with self-sigend SSL certs. I did manage to resolve them by installing Tomcat-Native library / APR, but maybe it is still worth reporting in regard of the different behaviour for the same cert, between Tomcat

Re: Facing issue while configuring SSL

Devendra, On 14.7.2016 10:38, Devendra Sengar wrote: But the tomcat server is started without any error but won't able to open the home page of tomcat giving the error like: This site can’t be reached The webpage at *https://:8443/* might be temporarily down or it may have moved permanently to

Re: Need help setting up SSL on Tomcat 8

Sean, On 13.7.2016 21:56, Sean Son wrote: Thank you for your answer guys. Is there anywhere in the Tomcat config files that I would need to specify the DNS name? Like in Apache we would specify the DNS name in a Virtualhost. Take a look at context xml, attribute "name" in Host element [1],

Re: Facing issue while configuring SSL

2016-07-14 4:38 GMT-04:00 Devendra Sengar : > If i am giving the full path of the certificate like > c:/tomcat/conf/ then its taking the file, as the error i was > getting "SEVERE: Failed to initialize end point associated with > ProtocolHandler ["http-apr-443"]" that's no

Re: [ANN] Apache Tomcat 8.5.4 available

> > > This is the first stable release of the 8.5.x branch. Tomcat 8.x users > should now use 8.5.x releases in preference to 8.0.x releases. > > i thought 8.5.3 was the first stable release ;)

Apache server as forward and reverse proxy

Hi All, I know this group is for tomcat related queries. I have some query related to apache server, if someone have an idea about this, I request you to please share. I want to configure apache to act as both forward and reverse proxy. The official doc says "Apache can be configured in both a

Re: Facing issue while configuring SSL

If i am giving the full path of the certificate like c:/tomcat/conf/ then its taking the file, as the error i was getting "SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-apr-443"]" that's no more. But the tomcat server is started without any error but won't able to

RE: A complex issue concerning the application lifecycle, MBeans and Spring

Hi Mark, OK - as a newbie I read this from the stack trace: ... >20160713-161427.340 ERROR [catalina-exec-64] [] [[/]] StandardWrapper.Throwable >[...] >at > org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:136) >at