Re: GC allocation failure

On Mon, Jan 8, 2018 at 10:26 AM, Mark Thomas wrote: > On 08/01/18 15:16, Christopher Schultz wrote: > > > > >> Therefore, the first time that the GC runs, the process can take > >> longer. Also, the heap is more likely to be fragmented and require > >> a heap compaction. To

Re: GC allocation failure

On Mon, Jan 8, 2018 at 10:16 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Suvendu, > > On 1/5/18 6:46 AM, Suvendu Sekhar Mondal wrote: > > I really never found any explanation behind this "initial=max" heap > > size theory

RE: Why will Tomcat not accept EC cipher suites?

Chris, > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Monday, January 08, 2018 8:16 PM > To: users@tomcat.apache.org > Subject: Re: Why will Tomcat not accept EC cipher suites? > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > >

Re: Why will Tomcat not accept EC cipher suites?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 John, On 1/8/18 6:28 PM, john.e.gr...@wellsfargo.com.INVALID wrote: > Chris and Mark, >> -Original Message- From: Christopher Schultz >> [mailto:ch...@christopherschultz.net] Sent: Monday, January 08, >> 2018 5:21 PM To:

RE: Why will Tomcat not accept EC cipher suites?

Chris and Mark, > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Monday, January 08, 2018 5:21 PM > To: users@tomcat.apache.org > Subject: Re: Why will Tomcat not accept EC cipher suites? > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256

Re: internalProxies regex

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Harrie, On 1/5/18 3:47 AM, Harrie Robins wrote: > our tomcat application server are fronted by 1. cloudflare, and 2. > amazon load balancer. In apache there is mod_remote IP and I can > simply put in CIDR range: https://www.cloudflare.com/ips/ that

Re: Why will Tomcat not accept EC cipher suites?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/8/18 3:36 PM, Mark Thomas wrote: > On 08/01/18 19:34, john.e.gr...@wellsfargo.com.INVALID wrote: >> All, >> >> I'm using Tomcat 7.0.82 and java 1.8.0_152. >> >> I cannot get Tomcat to accept elliptic curve ciphers. I've >> written a

Re: Why will Tomcat not accept EC cipher suites?

On 08/01/18 19:34, john.e.gr...@wellsfargo.com.INVALID wrote: > All, > > I'm using Tomcat 7.0.82 and java 1.8.0_152. > > I cannot get Tomcat to accept elliptic curve ciphers. I've written a small > SSL socket server that uses the same certificate as the server and deployed > it on the same

RE: Why will Tomcat not accept EC cipher suites?

Hello John, Technically, Java 1.8 provides the ciphers which are used by Tomcat and it definitely supports a lot of EC ciphers: https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites Do you get the HandShakeException when you access the Tomcat directly

Why will Tomcat not accept EC cipher suites?

All, I'm using Tomcat 7.0.82 and java 1.8.0_152. I cannot get Tomcat to accept elliptic curve ciphers. I've written a small SSL socket server that uses the same certificate as the server and deployed it on the same machine using the same JDK. It accepts EC ciphers just fine so I don't think

Re: internalProxies regex

Am 08.01.2018 um 16:44 schrieb Harrie Robins: Thanks for the update I enabled logging for remoteIpFilter like: I thought you were using the remoteIpValve. org.apache.catalina.filters.RemoteIpFilter.level = ALL For the valve it should be org.apache.catalina.valves.RemoteIpValve

RE: WELCOME to users@tomcat.apache.org

Thanks Andre for the help, We are routing the request from IIS 7.5 to Apache using reverse Proxy. It seems like Apache is not allowing the authentication nor its accepting the username and password passed from IIS. -- The AJP connector details in Server to XML were uncommented as shown in

Re: internalProxies regex

Thanks for the update I enabled logging for remoteIpFilter like: org.apache.catalina.filters.RemoteIpFilter.level = ALL I do get matches when visiting. Is it also possible to print the list of IP’s? I have no clue how to do that. Regards, Harrie On 5 January 2018 at 16:32,

Re: GC allocation failure

On 08/01/18 15:16, Christopher Schultz wrote: >> Therefore, the first time that the GC runs, the process can take >> longer. Also, the heap is more likely to be fragmented and require >> a heap compaction. To avoid that, till now my strategy is to: - >> Start application with the minimum heap

Re: GC allocation failure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Suvendu, On 1/5/18 6:46 AM, Suvendu Sekhar Mondal wrote: > I really never found any explanation behind this "initial=max" heap > size theory until I saw your mail; although I see this type of > configuration in most of the places. It will be

Re: ALv2 Tomcat Training material

On 05/01/18 22:09, Don Flinn wrote: > Hi Mark, > > I think this is an excellent and useful task. The first step is to define > the audiences of which I would like to suggest five. > > 1. Experienced System administrators with experience in security and SSL > 2. Experienced System administrators

Re: Using existing LetsEncrypt certs with tomcat

On 06/01/18 18:46, Paul Beard wrote: > > >> On Jan 4, 2018, at 1:53 AM, Mark Thomas wrote: >> >> This might help. >> >> https://www.youtube.com/watch?v=I6TbMqH9WFg >> > It was, along with the script (after a little search and

Re: Subscription to tomcat-users

On 05/01/18 20:44, Coty Sutherland wrote: > Is there some reason why this user can't subscribe to the users@ list? > They found me in freenode and seemingly get no response from the list > emails (users@ and users-help@). That usually means that the e-mail is failing to get past our spam filters.