RE: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL

2021-10-18 Thread Natraj Thekkan
Hi Mark or Chris, Based on Chris statement, it has to be addressed in tomcat. Can I raise a Bug in Bugzilla for this observation?. Regards, Natraj -Original Message- From: Christopher Schultz Sent: Monday, October 18, 2021 10:14 PM To: users@tomcat.apache.org Subject: Re: Restriction o

RE: Potential Memory Leak with StandardManager [EXTERNAL]

2021-10-18 Thread Beard, Shawn
Update to Tomcat 9.0.54. This could be a known security bug that is fixed in this version. https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.54 ​ Shawn Beard• Sr. Systems Engineer Middleware Engineering [cid:image624605.png@3C243DDD.ADE52D22] 3840 109th Street

Potential Memory Leak with StandardManager

2021-10-18 Thread Tim K
Running 4 balanced nodes of tomcat 9.0.52 in Linux. While running with production load, memory usage is slowly growing, it does not appear to really drop unless the OS/tomcat is restarted. I did a load test locally with just login actions, did a heap dump, and MAT says: One instance of org.apach

Re: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL

2021-10-18 Thread Christopher Schultz
Natraj, On 10/18/21 01:19, Natraj Thekkan wrote: @Mark Thanks for your response. We have tested by removing that line of code, still client able to establish the connection with server using TLSv1 and TLSv1.1. Below one is configured in java.security file. jdk.tls.disabledAlgorithms=

Re: Restriction of TLS version in HTTP2 over HTTPS with OpenSSL

2021-10-18 Thread Mark Thomas
On 18/10/2021 06:19, Natraj Thekkan wrote: Hi, @Mark Thanks for your response. We have tested by removing that line of code, still client able to establish the connection with server using TLSv1 and TLSv1.1. Below one is configured in java.security file. jdk.tls.disabledAlgorithms=SS