Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

2019-03-18 Thread James H. H. Lampert

I've just (same customer as before) been asked about
ECDHE-ECDSA-CHACHA20-POLY1305
and ECDHE-RSA-CHACHA20-POLY1305

and I can't find either one on the Sun or IBM JSSE cipher lists for Java 8.

--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Datasource Connection Pool

2019-03-18 Thread Luis Rodríguez Fernández
Hello Rajendra,

For instance, if you are using MySQL, a validationQuery="l" in your
datasource configuration [1] plus the magic autoreconnect parameter in the
URL can do the trick for you. However, this can have side effects (see the
MySQL autoreconnect description).

In my experience the cheapest option use to be to restart your application.

Hope it helps,

Luis

[1] https://commons.apache.org/proper/commons-dbcp/configuration.html
[2]
https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-configuration-properties.html



On Mon, 18 Mar 2019 at 17:24, Rajendra wrote:

> Hi,
>
> Tomcat (8.5.32) is not establishing connections to the database after the
> database is restarted. Currently, I am restarting the Tomcat instance if the
> DB is restarted. Please let me know any parameters that need to be added to
> the datasource resource element in Tomcat in order to establish database
> connections automatically after the database is back online.
>
> Thanks !
>
> Rajendra
>
>

-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett


Re: How to upgrade from 7.0.86 to 7.0.93

2019-03-18 Thread Christopher Schultz
Frank,

On 3/18/19 10:47 AM, Frank Sharpless wrote:
> Looking for advice on how to upgrade from version 7.0.86 to
> 7.0.93.
Have you ever done a Tomcat upgrade before?

-chris




Datasource Connection Pool

2019-03-18 Thread Rajendra
Hi,

Tomcat (8.5.32) is not establishing connections to the database after the
database is restarted. Currently, I am restarting the Tomcat instance if the
DB is restarted. Please let me know any parameters that need to be added to
the datasource resource element in Tomcat in order to establish database
connections automatically after the database is back online.

Thanks !

Rajendra



Re: Tomcat 9 Nio2+OpenSSL problem (very likely a bug)

2019-03-18 Thread i...@flyingfischer.ch
On 18.03.19 at 16:43, Igor T wrote:
>> Since 9.0.12 and 16 do the same, I wouldn't look at that at all. Something
>> simple like this works in the general case, there must be something
>> specific here. So it's Windows, with some unspecified OpenSSL version.
>>
>> Rémy
> That's not right. After many tests I've found out that 9.0.12 build
> comes with [OpenSSL 1.0.2o  27 Mar 2018], while 9.0.16 comes with
> [OpenSSL 1.1.1a  20 Nov 2018].
> The problem was localized to OpenSSL 1.1.1a on Nio2.
> Also it became clear that establishing of connection takes more time
> with OpenSSL 1.1.1a on Nio.
> So it looks like OpenSSL 1.1.1a build is much less optimized and buggy.
>
> So the question is: how to change OpenSSL version that is shipped with
> the latest tomcat build back to 1.0.2?
> Any feedback appreciated.
>

I did have to reset some installations to Tomcat 8.5.35 to avoid using
TC native latest two versions on Linux. We have seen some bugfixes in
the latest TC native, which did slightly improve the situation. But TC
still tends to crash on some machines (Linux).

Some of the changes made in native after 8.5.35 are unstable.

Markus




Re: Tomcat 9 Nio2+OpenSSL problem (very likely a bug)

2019-03-18 Thread Igor T
> Since 9.0.12 and 16 do the same, I wouldn't look at that at all. Something
> simple like this works in the general case, there must be something
> specific here. So it's Windows, with some unspecified OpenSSL version.
>
> Rémy

That's not right. After many tests I've found out that 9.0.12 build
comes with [OpenSSL 1.0.2o  27 Mar 2018], while 9.0.16 comes with
[OpenSSL 1.1.1a  20 Nov 2018].
The problem was localized to OpenSSL 1.1.1a on Nio2.
Also it became clear that establishing of connection takes more time
with OpenSSL 1.1.1a on Nio.
So it looks like OpenSSL 1.1.1a build is much less optimized and buggy.

So the question is: how to change OpenSSL version that is shipped with
the latest tomcat build back to 1.0.2?
Any feedback appreciated.



Detailed test results:

The problem exists:
Apache Tomcat 9.0.16/Http11Nio2Protocol/OpenSSL 1.1.1a
18-Mar-2019 14:34:54.103 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
APR based Apache Tomcat Native library [1.2.21] using APR version
[1.6.5].
18-Mar-2019 14:34:54.103 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
18-Mar-2019 14:34:54.103 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
18-Mar-2019 14:34:54.103 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.1.1a  20 Nov 2018]
18-Mar-2019 14:34:54.306 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio2-80"]
18-Mar-2019 14:34:54.353 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-openssl-nio2-443"]
18-Mar-2019 14:34:54.947 INFO [main]
org.apache.catalina.startup.Catalina.load Server initialization in
[1,516] milliseconds
18-Mar-2019 14:34:54.994 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting
service [Catalina]
18-Mar-2019 14:34:54.994 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
engine: [Apache Tomcat/9.0.16]
success: 1, read 73 bytes for: 125ms
denial: 1, Connection reset
success: 2, read 73 bytes for: 94ms
denial: 2, Connection reset
success: 3, read 73 bytes for: 93ms
denial: 3, Connection reset
success: 4, read 73 bytes for: 78ms
denial: 4, Connection reset
success: 5, read 73 bytes for: 94ms
denial: 5, Connection reset

Apache Tomcat 9.0.17/Http11Nio2Protocol/OpenSSL 1.1.1a
18-Mar-2019 14:41:46.708 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
APR based Apache Tomcat Native library [1.2.21] using APR version
[1.6.5].
18-Mar-2019 14:41:46.708 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
18-Mar-2019 14:41:46.708 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
18-Mar-2019 14:41:46.724 INFO [main]
org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
successfully initialized [OpenSSL 1.1.1a  20 Nov 2018]
18-Mar-2019 14:41:46.896 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio2-80"]
18-Mar-2019 14:41:46.912 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["https-openssl-nio2-443"]
18-Mar-2019 14:41:47.443 INFO [main]
org.apache.catalina.startup.Catalina.load Server initialization in
[1,335] milliseconds
18-Mar-2019 14:41:47.474 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting
service [Catalina]
18-Mar-2019 14:41:47.474 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
engine: [Apache Tomcat/9.0.17]
success: 1, read 73 bytes for: 78ms
denial: 1, Connection reset
success: 2, read 73 bytes for: 93ms
denial: 2, Connection reset
success: 3, read 73 bytes for: 78ms
denial: 3, Connection reset
success: 4, read 73 bytes for: 94ms
denial: 4, Connection reset
success: 5, read 73 bytes for: 78ms
denial: 5, Connection reset


The problem does not exist:
Apache Tomcat 9.0.12/Http11Nio2Protocol/OpenSSL 1.0.2o
18-Mar-2019 14:30:21.917 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
APR based Apache Tomcat Native library [1.2.17] using APR version
[1.6.3].
18-Mar-2019 14:30:21.917 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
capabilities: IPv6 [true], sendfile [true], accept filters [false],
random [true].
18-Mar-2019 14:30:21.917 INFO [main]
org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true

How to upgrade from 7.0.86 to 7.0.93

2019-03-18 Thread Frank Sharpless
Team,

Looking for advice on how to upgrade from version 7.0.86 to 7.0.93.

Kind Regards.





A. Frank Sharpless

fsharpl...@paperhost.com


Chief Technology Officer

Ph: 678-397-1602




675 Mansell Rd, Suite 145
Roswell, GA 30076

www.PaperHost.com





Re: HTTPS Invalid character found in method name. HTTP method names must be tokens.

2019-03-18 Thread Mark Thomas

On 18/03/2019 10:49, Jan Vomlel wrote:

> Thank you Mark. I enabled the logger org.apache.coyote.http11.
>
> I cannot paste line
> org.apache.coyote.http11.Http11InputBuffer.parseRequestLine here,
> because it contains non-printable characters and copy paste does not work.
>
> It seems like a bug in tomcat or jdk.   ???


The client appears to be sending some unexpected binary data.

It could be something TLS related although I'd expect JSSE to just 
handle that.


It could be part of a previous request but that would mean a 
mis-behaving client.


Wireshark (or similar) should give us some more info.

Can you capture a Wireshark trace of a connection that fails like this 
from the initial TCP handshake all the way to the point where it fails? 
If you can put that somewhere we can get it and look at it we might see 
something relevant. Note you can filter the data just for the one 
connection. We shouldn't need anything else.


Thanks,

Mark




Re: HTTPS Invalid character found in method name. HTTP method names must be tokens.

2019-03-18 Thread Jan Vomlel

Thank you Mark. I enabled the logger org.apache.coyote.http11.

I cannot paste line 
org.apache.coyote.http11.Http11InputBuffer.parseRequestLine here, 
because it contains non-printable characters and copy paste does not work.


It seems like a bug in tomcat or jdk.   ???

Log contains now:

javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.286 CET|SSLEngineInputRecord.java:177|Raw read (

)
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.286 CET|SSLEngineInputRecord.java:214|READ: TLSv1.2 
application_data, length = 566
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.286 CET|SSLEngineInputRecord.java:177|Raw read (

  0000: 14 03 03 00 01 01 16 03   03 00 28 00 00 00 00 00 ..(.
  0010: 00 00 00 3D 8A 2C 0E 70   32 B8 81 A9 5C 32 B6 8C ...=.,.p2...\2..
  0020: 59 56 89 17 4F 5A FC 3E   79 2C CB F5 2B 1E ED 87 YV..OZ.>y,..+...
  0030: 9D CF 5B   ..[
)
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.286 CET|SSLEngineInputRecord.java:214|READ: TLSv1.2 
change_cipher_spec, length = 1
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.286 CET|ChangeCipherSpec.java:143|Consuming ChangeCipherSpec 
message
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.286 CET|SSLEngineInputRecord.java:177|Raw read (

  0000: 16 03 03 00 28 00 00 00   00 00 00 00 00 3D 8A 2C (=.,
  0010: 0E 70 32 B8 81 A9 5C 32   B6 8C 59 56 89 17 4F 5A .p2...\2..YV..OZ
  0020: FC 3E 79 2C CB F5 2B 1E   ED 87 9D CF 5B .>y,..+.[
)
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.286 CET|SSLEngineInputRecord.java:214|READ: TLSv1.2 handshake, 
length = 40
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.287 CET|SSLCipher.java:1629|Plaintext after DECRYPTION (

  0000: 14 00 00 0C 3F C5 0C 9D   0E 38 9D 04 97 92 35 D5 ?85.
)
javax.net.ssl|DEBUG|3A|https-jsse-nio-8444-exec-7|2019-03-15 
16:28:59.287 CET|Finished.java:581|Consuming client Fin
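
An added example, not part of the original thread and not Tomcat or JDK code: it walks the TLS record headers in the 51-byte "Raw read" dump that begins 14 03 03 in the log above, and shows one way to check whether bytes rejected by an HTTP request-line parser are TLS record framing rather than an HTTP method token. The function names split_records and classify_start are hypothetical.

```python
import string
import struct

# TLS record content types (RFC 5246, section 6.2.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048          # largest TLS 1.2 ciphertext fragment
# Characters allowed in an HTTP method token (RFC 7230 "tchar").
TCHAR = set((string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~").encode())

# Bytes copied from the "Raw read" dump in the log above that starts 14 03 03.
RAW_READ = bytes.fromhex(
    "14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00"
    "00 00 00 3D 8A 2C 0E 70 32 B8 81 A9 5C 32 B6 8C"
    "59 56 89 17 4F 5A FC 3E 79 2C CB F5 2B 1E ED 87"
    "9D CF 5B")


def split_records(buf):
    """Walk the 5-byte record headers; return (records, unconsumed bytes)."""
    records, pos = [], 0
    while len(buf) - pos >= 5:
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, pos)
        if ctype not in CONTENT_TYPES or major != 3 or length > MAX_FRAGMENT:
            raise ValueError(f"no TLS record header at offset {pos}")
        if pos + 5 + length > len(buf):
            break                     # partial record: more bytes still to come
        records.append((CONTENT_TYPES[ctype], (major, minor), length))
        pos += 5 + length
    return records, buf[pos:]


def classify_start(buf):
    """Say what a request-line parser was handed: 'tls', 'http' or 'unknown'."""
    if len(buf) >= 3 and buf[0] in CONTENT_TYPES and buf[1] == 3:
        return "tls"
    method, sep, _ = buf.partition(b" ")
    if sep and method and all(b in TCHAR for b in method):
        return "http"
    return "unknown"


if __name__ == "__main__":
    for name, version, length in split_records(RAW_READ)[0]:
        print(f"{name}, version {version}, length = {length}")
    print(classify_start(RAW_READ), classify_start(b"GET / HTTP/1.1\r\n"))
```

The record types and lengths it reports match the "READ: TLSv1.2 change_cipher_spec, length = 1" and "READ: TLSv1.2 handshake, length = 40" lines in the log; version (3, 3) is the wire encoding of TLS 1.2.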