client write waits on postgresql RDS
Seeing client write waits on postgresql as attached in the image. Is there any bottle neck which is causing the client write waits on postgresql ? Below is the test setup Jmeter-->(load balanced tomcat on ec2 instances)>rds read replicas All these are running on different ec2 instances in AWS cloud in the same region below is the config of the http connector on tomcat: Below are the specs of the server: Ec2 instance which is running tomcat 8.5 c5.9x large 36 vpcu 72GB memory 10GBPS network EBS band width 9500 postgresql RDS db.r6g.16xlarge 512 GB memory 64 VCPU 25 Gibs network AWS Gravitron cpu --Ayub - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Heap allocations when switching from Tomcat 7 to Tomcat 8
James, > -Original Message- > From: James H. H. Lampert > Sent: Wednesday, June 09, 2021 1:13 PM > To: Tomcat Users List > Subject: Heap allocations when switching from Tomcat 7 to Tomcat 8 > > We are beginning to migrate some of our customers from Tomcat 7 to > Tomcat 8.5. > > Some of them have performance issues even with heap allocations of - > Xms4096m -Xmx5120m > > Would it be necessary to go even bigger with Tomcat 8.5? > > -- > JHHL > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org Somewhere after 7.x there was a change to the Tomcat class loader to not cache some resources that previously were cached. My notes say "classes" are no longer cached (but maybe other things loaded via getResourceAsStream() are still cached. I don't remember.) Ordinarily this would result in less heap usage (due to a smaller cache) but... Did you also change from Java 8 to something else, like 11? One big difference there is that the internal JAXB classes are gone. If you use JAXB, you need to include the corresponding external jars. With external JAXB jars, Tomcat 9 generates a lot more garbage than 7. John
Heap allocations when switching from Tomcat 7 to Tomcat 8
We are beginning to migrate some of our customers from Tomcat 7 to Tomcat 8.5. Some of them have performance issues even with heap allocations of -Xms4096m -Xmx5120m Would it be necessary to go even bigger with Tomcat 8.5? -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] Request: Encryption requirements for TLS and SSL for Tomcat
Emen-Eddine, > -Original Message- > From: Christopher Schultz > Sent: Wednesday, June 09, 2021 9:08 AM > To: users@tomcat.apache.org > Subject: Re: [OT] Request: Encryption requirements for TLS and SSL for > Tomcat > > Emen-Eddine, > > On 6/8/21 08:10, Emen-Eddine AISSAOUI wrote: > > Hello, > > > > I am contacting you regarding the cipher suite recommandations for TLS > > and SSL for Tomcat. > > > > This is an urgent request for a customer feedback. > > Since this is a customer who is presumably paying YOU for YOUR services, this > is probably an urgent request for YOU. If your customer(s) want to pay US to > help them, it may become urgent for US. > > > Could you please tell us which cipher suites are used and necessary > > and if there is any particular prequesites regarding TLS and SSL > > encryption for the proper functioning of Tomcat ? > > Tomcat will use a combination of your configuration and system (JVM) > support to determine which cipher suites will be used. Assuming at least one > cipher suite is in that set, Tomcat will "work". None are actually necessary. > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org If you're looking for actual cipher suite recommendations, I'm not going to make any but I will show you some useful resources. This is a list of the supported Java 11 cipher suites "sorted by order of preference." Hopefully good security is one of their preferences! https://docs.oracle.com/en/java/javase/11/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2 This is another useful site with information on whether a cipher suite is recommended or not. https://ciphersuite.info/cs/ You can cross reference the lists from those two sites. John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Request: Encryption requirements for TLS and SSL for Tomcat
Emen-Eddine, On 6/8/21 08:10, Emen-Eddine AISSAOUI wrote: Hello, I am contacting you regarding the cipher suite recommandations for TLS and SSL for Tomcat. This is an urgent request for a customer feedback. Since this is a customer who is presumably paying YOU for YOUR services, this is probably an urgent request for YOU. If your customer(s) want to pay US to help them, it may become urgent for US. Could you please tell us which cipher suites are used and necessary and if there is any particular prequesites regarding TLS and SSL encryption for the proper functioning of Tomcat ? Tomcat will use a combination of your configuration and system (JVM) support to determine which cipher suites will be used. Assuming at least one cipher suite is in that set, Tomcat will "work". None are actually necessary. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help on ssl handshake logging for audit purpose
Hi John I am getting the output like this 10966181161114832473721710433823523866273491920411012289522541835156 0451112281652151321572412101201618710026238431618119549401121401171233324158 42501341314694224184221573623625026123232102239748963162282031315479568415410816714824988456515811161712381042357237101163207528011232191246200181691271811772110: A8 3C 2E B6 4E DD 31 26 AB F1 06 00 8C 2E E8 4F .<..N.1&...O 0010: D4 92 83 35 E1 DA 1D E7 A1 C8 CB E5 5A 2E DB FA ...5Z... : 60 C0 4A 1A 6D 42 B5 A1 72 53 F7 25 D9 68 03 26 `.J.mB..rS.%.h.& 0010: EB EE 42 1B 03 31 13 CC 6E 7A 59 34 FE B7 05 9C ..B..1..nzY4 : 22 70 51 FA 2D 6F E4 A5 D7 84 9D F1 D2 78 A1 57 "pQ.-o...x.W 0010: 64 1A EE 2B A1 51 C3 31 28 70 8C 75 7B 21 F1 3A d..+.Q.1(p.u.!.: : 83 04 6C 63 69 8A E8 0B F5 43 9E 05 0C 0A E8 16 ..lciC.. 0010: 96 93 E4 6A 87 13 F6 7D 0D 1D 20 08 27 31 82 27 ...j.. .'1.' 0020: 1B 8A F0 18 D2 DD 5E BB 0A DF A6 E2 14 81 E3 DC ..^. : 4A D4 E5 68 C2 63 F8 91 3D 76 B3 41 41 07 67 6D J..h.c..=v.AA.gm : 57 8A 27 73 2F B5 16 24 03 A3 21 37 D1 F4 29 32 W.'s/..$..!7..)2 : 4C B5 BB 4FL..O : B4 B7 59 3B..Y; 22618924724621010316224313810322810210322025425412734108751091578720586134212421861742242322282151444201162195251381361052262242071952223010517584 086134212421861742242322282151444201162195251381361052262242071952223010517584 050168210587015618110341164162418918160185202512541454715622811317821717232 050168210587015618110341164162418918160185202512541454715622811317821717232 017018119731266076432682421698238201241421872101374251165943619924771 017018119731266076432682421698238201241421872101374251165943619924771 0197513234491791511232391311646424511639144164531851431382451535291109105173 0197513234491791511232391311646424511639144164531851431382451535291109105173 0165273404544562229869431866751661420731628519075881212516497 0165273404544562229869431866751661420731628519075881212516497 0162215220131114313012964121735315431197818226189183158121672152730255135 0162215220131114313012964121735315431197818226189183158121672152730255135 0174251623522412132441636156193199643314391140113617521632383522891177 0174251623522412132441636156193199643314391140113617521632383522891177 016172153323923311721332236451412341979725524824323115820018920327155244 016172153323923311721332236451412341979725524824323115820018920327155244 02555162931826317721088252116103172112174681781811831591951062001732151285667 02555162931826317721088252116103172112174681781811831591951062001732151285667 02434513417921281596377905722819048352231781071546621230722431053615071 02434513417921281596377905722819048352231781071546621230722431053615071 0341744557183234171232141168229125938115013199142137050247921521265183188 0341744557183234171232141168229125938115013199142137050247921521265183188 013962213818324423661197416712420868203102001795024773201441213623025467 013962213818324423661197416712420868203102001795024773201441213623025467 02263295187184129931764824618134152429721124328179572171522446620714230247 02263295187184129931764824618134152429721124328179572171522446620714230247 025210871552362171396122248195434021117619979659286210176194770163241139 025210871552362171396122248195434021117619979659286210176194770163241139 028159162521301292351143532172061711341592073874203241142251185189489420 028159162521301292351143532172061711341592073874203241142251185189489420 03956222114828171171751315334156124240187685701262397019722317714025541 020363141169591622613713314615297431001152129929143100621753222047191159 : 60 C0 4A 36 03 5F 3E DD 94 1C AB AB 4B 83 35 22 `.J6._>.K.5" 0010: 9C 7C F0 BB 44 39 00 7E EF 46 C5 DF B1 8C FF 29 D9...F.) : 83 F1 8F 38 CB 3F 8D A9 3B A2 1A 89 85 92 98 61 ...8.?..;..a 0010: 2B 64 73 D4 63 1D 8F 64 3E 11 35 16 CC 47 5B 9F +ds.c..d>.5..G[. : FC 59 08 24 49 7F 24 E5 17 98 15 9C 6D 4D CF 34 .Y.$I.$.mM.4 0010: 45 C6 58 A9 45 5A 78 38 0D 4F 52 1A 65 43 B0 2C E.X.EZx8.OR.eC., 0020: 17 C4 B5 23 DE 57 15 60 2C 65 24 B6 2B 9A 31 AE ...#.W.`,e$.+.1. : CD F2 EE 3C 1C D1 1F 13 A5 EB AA 8A DA EF A2 09 ...< : 6F 30 03 F9 0E C4 79 F1 C8 2E E3 57 6F 90 26 C8 o0yWo.&. : 34 24 0E D74$.. : 2B D4 B7 01+... 18221835149659103228381331551575241147331031321291661321159 No client Hello messages etc., in the Catalina.out log. I tried to change the encoding but still the same issue. Thanks & Regards, Raghav From: john.e.gr...@wellsfargo.com.INVALID Date: Wednesday, 9 June 2021 at 7:20 PM To: users@tomcat.apache.org Subject: RE: Need help on ssl handshake logging for audit purpose Raghav, > -Original Message- > From: Ragavendhiran Bhiman (rabhiman) > Sent: Wednesday, June
RE: Need help on ssl handshake logging for audit purpose
Raghav, > -Original Message- > From: Ragavendhiran Bhiman (rabhiman) > Sent: Wednesday, June 09, 2021 6:47 AM > To: Tomcat Users List > Subject: Re: Need help on ssl handshake logging for audit purpose > > Kindly help me on the below. > > Thanks a lot for the help. > > From: Ragavendhiran Bhiman (rabhiman) > Date: Tuesday, 8 June 2021 at 7:18 PM > To: users@tomcat.apache.org > Subject: Need help on ssl handshake logging for audit purpose Hi All, > > In our product we are using jdk8 and tomcat apache latest version. I have > enabled -Djavax.net.debug=ssl:handshake from jdk side. But I could see the > handshake logging are coming as hex in the Catalina.out log messages. I want > to know how to print the message in the proper English format. Is any other > mistake I am doing? > Kindly help me in this regard. > > Thanks & Regards, > Raghav Can you provide an example? When I use that same debug flag, the only hex I see is for binary content, such as the content of a cert. John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need help on ssl handshake logging for audit purpose
Kindly help me on the below. Thanks a lot for the help. From: Ragavendhiran Bhiman (rabhiman) Date: Tuesday, 8 June 2021 at 7:18 PM To: users@tomcat.apache.org Subject: Need help on ssl handshake logging for audit purpose Hi All, In our product we are using jdk8 and tomcat apache latest version. I have enabled -Djavax.net.debug=ssl:handshake from jdk side. But I could see the handshake logging are coming as hex in the Catalina.out log messages. I want to know how to print the message in the proper English format. Is any other mistake I am doing? Kindly help me in this regard. Thanks & Regards, Raghav