Upgrade to latest?
-Original Message-
From: Kenaw, Seretseab
Sent: Wednesday, October 13, 2021 12:16 PM
To: users@tomcat.apache.org
Subject: Security Vulnerability Question
Hello,
Our IT team just notified us with a severe security vulnerability on our web
application with the
The links and mirrors for the windows binaries at
"https://tomcat.apache.org/download-native.cgi; are all messed up. Some are
point to binaries compiled with openssl-1.1.1g where the holding sites have
1.1.1i and vice versa. For example
We use spring-security-saml for application-level SP implementation and it
works pretty good too. The project is in the process of being rewritten from
scratch though with 2.0 in milestone builds. No direct integration with Tomcat
though but on application level.
George
-Original
Chris
-Original Message-
From: Christopher Schultz
Sent: Friday, December 04, 2020 1:20 PM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?
> With the pluggability of Java's crypto interface, I seriously doubt
> Oracle is going
-Original Message-
From: Christopher Schultz
Sent: Friday, December 04, 2020 10:58 AM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?
George,
On 12/3/20 21:59, George Stanchev wrote:
> Java's FIPS mode is "expirmental&
-Original Message-
From: George Stanchev
Sent: Thursday, December 03, 2020 7:59 PM
To: Tomcat Users List ; Avik Ray
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?
Java's FIPS mode is "expirmental" feature that was removed in later Java
versions. It
-Original Message-
From: George Stanchev
Sent: Thursday, December 03, 2020 7:59 PM
To: Tomcat Users List ; Avik Ray
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?
Java's FIPS mode is "expirmental" feature that was removed in later Java
versions. It
Java's FIPS mode is "expirmental" feature that was removed in later Java
versions. It was never certified (AFAIK). To me the only two viable options are
via APR+OpenSSL 1.0.1/FIPS and BCFIPS. We have implemented the later and have
ran into issues with RSA keys. First the C# BCPROV doesn't
Hi Amit,
Consider changing "securerandom.strongAlgorithms" to
"NativePRNGNonBlocking:SUN" in your Java's "lib\security\java.security". The
default is "NativePRNGBlocking:SUN" and is really enthropy thirsty on startup
as it runs it's self tests and seeds its PRNG
George
-Original
ubject: Re: jstl jar location
вт, 20 окт. 2020 г. в 22:31, George Stanchev :
>
>
> I am hoping someone can shed some lights on a question. I did try to search
> online and SO but haven't had luck in figure it out so hopefully it is a
> quick answer from the people that know that s
I am hoping someone can shed some lights on a question. I did try to search
online and SO but haven't had luck in figure it out so hopefully it is a quick
answer from the people that know that stuff. We have an uber-lib folder where
we keep shared libraries in our TC85-hosted app. If we put
xy accepts and
doesn't accept. For completeness you might want to test how it responds to all
bytes from 0x00 to OxFF in a field name and/or value as well and ensure that it
is compliant with RFC 7230.
HTH,
Mark
On 24/07/2020 23:13, George Stanchev wrote:
> Chris,
>
> This is just sil
.
Cheers!
George
-Original Message-
From: Christopher Schultz
Sent: Friday, July 24, 2020 3:40 PM
To: users@tomcat.apache.org
Subject: Re: CVE-2020-1935
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
George,
On 7/24/20 15:15, George Stanchev wrote:
> The description for this
The description for this CVE is pretty vague (as perhaps necessary) but we have
a customer that is trying to assess their risk for this CVE. They are behind a
reverse-proxy. Even though the description on Tomcat's security page states
that the risk is low it doesn't describe how would a
To give some closure to the issue, it turned out to be networking related.
Still not clear how cleanup of the hosts file on the client machines fixed it
but that's what happened.
Thanks to all that chimed in earlier.
George
-Original Message-
From: George Stanchev
Sent: Monday, June
this behavior. Interestingly the same is observed
under othe OSes (Windows Server 2012) procured with their scrips...
Any help/ideas is much appreciated
George
-Original Message-
From: George Stanchev
Sent: Tuesday, June 23, 2020 10:31 AM
To: Tomcat Users List
Subject: RE: Tomcat
::jk_ajp_common.c (799): (worker-local) Header[4]
[Content-Length] = [0]
This is pretty standard, I can't see anything wrong...
-Original Message-
From: George Stanchev
Sent: Tuesday, June 23, 2020 10:33 AM
To: users@tomcat.apache.org
Subject: RE: Tomcat Connector issue
Thanks all
, Christopher Schultz wrote:
>>> George,
>>>
>>> On 6/22/20 17:13, George Stanchev wrote:
>>>> We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with
>>>> error=87 (0x0057) on a 302 redirect proxied by TC connector
>>>> 1.2.46.
>>
We are getting HSE_REQ_SEND_RESPONSE_HEADER failed with error=87 (0x0057)
on a 302 redirect proxied by TC connector 1.2.46. I can see the 302 response
come over from TC and it looks legit. Trace logs below. Anyone else running
into a similar error or perhaps some clue as to why this can be
Currently, (in most cases) Tomcat creates an in-memory keystore and initializes
kmf as follows: KeyManagementFactory.getInstance(algo).init(keystore, kspass).
The in-memory keystore has the key, the certificate and the chain and nothing
else. This works fine in most cases but we've ran into a
I am trying to build tcnative on Windows 7 using VS 2017 and it has been
nothing but pain so far around the apr and tcnative itself. Any help is
appreciated. I did get around the apr issues (which were very similar to what I
am about to ask) by compiling via the .sln file. But the nmake route
Thanks Mark, will do!
-Original Message-
From: Mark Thomas
Sent: Thursday, October 31, 2019 3:04 PM
To: Tomcat Users List ; George Stanchev
Subject: Re: Client Cert TLS issue
On 16/10/2019 18:55, George Stanchev wrote:
> And this is not where it hangs. I stepped through the c
My question about the source stays, but I guess I should've RTFM where it
states that the wrapper uses # *or* ; as separator and if you want to embed
those character you need to wrap them in single quotes...
From: George Stanchev
Sent: Wednesday, October 30, 2019 1:33 PM
To: Tomcat Users List
I am trying to troubleshoot an issue where when I call tomcat8.exe with
following parameters it writes [2] to the registry (newline where the semicolon
was) and I am having trouble locating the source code repository for the
Windows service app. Can someone point me to it? (Or tell me what I've
To: users@tomcat.apache.org
Subject: Re: Client Cert TLS issue
Just a note to say I haven't forgotten this. I hope to look at this this week
unless someone beats me to it.
Mark
On 16/10/2019 17:55, George Stanchev wrote:
>
> On 15/10/2019 22:15, George Stanchev wrote:
>> Hi,
>>
&g
56
George,
On 10/16/19 12:55, George Stanchev wrote:
>
> On 15/10/2019 22:15, George Stanchev wrote:
>> Hi,
>>
>> I would need some help with tracking an issue with TC 8.5.47 (windows
>> x64, java: azul 1.8.0_222) configured with [1] and tcnative-1.dll.
>> When
On 15/10/2019 22:15, George Stanchev wrote:
> Hi,
>
> I would need some help with tracking an issue with TC 8.5.47 (windows x64,
> java: azul 1.8.0_222) configured with [1] and tcnative-1.dll. When a simple
> client tries to connect to the server, the server hangs on SSL han
Hi,
I would need some help with tracking an issue with TC 8.5.47 (windows x64,
java: azul 1.8.0_222) configured with [1] and tcnative-1.dll. When a simple
client tries to connect to the server, the server hangs on SSL handshake until
either the client times out on read or the server times out
So it seems to work. For whoever is interested to try, the openjsse comes
prebundled with Azul's distro, all you need to do is run with -XX:+UseOpenJSSE
command line option. On TC side, I added "TLSv1.3" to "sslEnabledProtocols":
sslEnabledProtocols="+TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3"
Also not
George,
On 8/1/19 16:42, George Stanchev wrote:
> As of recently Azul has backported the JSSE from Java 11 into Java
> 8 [1] and it is currently offering TLSv1.3 support in its Java 8
> distro [2].
Good for them. It's too bad Oracle is so conservative with its policies.
I have Azul o
As of recently Azul has backported the JSSE from Java 11 into Java 8 [1] and it
is currently offering TLSv1.3 support in its Java 8 distro [2]. Does this help
TC with JSSE SSL engine to also offer TLSv1.3 on its SSL listeners?
[1] https://github.com/openjsse/openjsse
[2]
What is your webapp using as HTTP client that handles the SSL?
-Original Message-
From: James Lampert
Sent: Friday, May 31, 2019 3:41 PM
To: Tomcat Users List
Subject: Re: AW: Outbound SSL?
This just keeps getting weirder and weirder.
I extracted the actual request
>
FWIW someone is submitting the same identical question (with only the project
name different) in the dozen or so Apache projects I am on mailing list of...
Just google "Hello, I am doing an investigation. Does Windows Server 2019
support" and see for yourself
It looks like a troll
Thanks Mark!
-Original Message-
From: Mark Thomas
Sent: Thursday, March 21, 2019 3:13 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat 8.5.39 on maven central
On 21/03/2019 21:00, George Stanchev wrote:
> Hi,
>
> The announcement went out few days ago but 8.5.39 is stil
Hi,
The announcement went out few days ago but 8.5.39 is still not out there [1]. I
know it takes a bit for maven central to pick it up but with the git migration
perhaps something got broken?
George
[1] https://mvnrepository.com/artifact/org.apache.tomcat/tomcat-catalina
In light of recent changes around allowing and subsequent relaxation of the
invalid characters handling in TC, I just noticed that TC behind IIS (via JK
connector/AJP) happily accepts ";<> etc while the HTTP connector rejects them.
Is this how the AJP connector it is supposed to work? Is the
Hi,
We are currently on the latest TC 8.5.37 but soon will be moving to latest 9.
Currently we use NIO connectors. I am having hard time evaluating the need (if
necessary) to switch to NIO2. Can someone point me to a good resource/link
where the two connectors are compared and which situations
This is an interesting discussion. Are there any guides to alleviating
management work of such deployments? For example, how do you deal with the port
mapping? Or logs - do you collect at a common location or let each app log in
its corner ? Can you share configuration across instances such as
Depends on what you're asking. If you're asking to use log4j to capture Tomcat
logging, then the answer is - you can't but you can use Log4j2 or JULI. If the
question is how to use log4j for your apps deployed under Tomcat, then answer
can be found easily...
From: Cheltenham, Chris
I guess I am looking for some pointers how to approach a certain scenario from
"the right way" of implementing it. Say you have a standard login form with
user/pass edits and "Login" and "Smartcard" buttons. The "Login" button does
Its obvious thing. The "Smartcard" button authenticates the
It is used, for example, if you want to front Tomcat by Apache Web Server or by
IIS (among others). In those cases the HTTP processing is done in the front
system and if necessary it is proxied to Tomcat via AJP. You take HTTP request
from that system, put it in an AJP record and send it over
Can you use catalina.properties? From the docs [1]
" All system properties are available including those set using the -D syntax,
those automatically made available by the JVM and those configured in the
$CATALINA_BASE/conf/catalina.properties file."
[1]
>On 07/12/17 21:12, Mark Thomas wrote:
>> On 07/12/17 20:48, George Stanchev wrote:
>>> I am trying to build TC 8.5.24 from source and running into checkstyle
>>> validation issues [1]. I looked at
>>> https://tomcat.apache.org/tomcat-8.5-doc/building.
I am trying to build TC 8.5.24 from source and running into checkstyle
validation issues [1]. I looked at
https://tomcat.apache.org/tomcat-8.5-doc/building.html and couldn't find
anything that suggest that the default target would not build, neither
checkstyle is mentioned. It is not a
> Note that also in the course of my investigations, somewhere I found a phrase
> to the effect that Mirosoft would be discouraging the future use of ISAPI
> modules in IIS, and recommends some other architecture instead now.
Do you remember where you saw that? Can you provide a link?
>> The problem is related to the new code that handles the case when a
>> file is stored in one encoding but served in another. Since changing
>> encodings can change the value and number of bytes served (for example
>> serving £ in UTF-8 requires two bytes but only one in ISO-8859-1).
>>
On 07/07/2017 20:56, George Stanchev wrote:
> Sorry, I didn't realize there is a -d option that gives you the full request
> and response. Here is the dump:
Thanks for the extra information.
I can't reproduce this yet. I'm going to hold off on closing the currently
running votes until
Sorry, I didn't realize there is a -d option that gives you the full request
and response. Here is the dump:
c:\>wget -d -S http://hostname:8085/testapp/javascript/jquery-1.8.3.min.js
SYSTEM_WGETRC = c:/progra~1/wget/etc/wgetrc
syswgetrc = C:\bin\gnuwin32/etc/wgetrc
Setting --server-response
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Friday, July 07, 2017 1:05 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Issue with static file in Tomcat 8.5.17
On 07/07/2017 19:09, George Stanchev wrote:
> Hi,
..
> Please let
Hi,
The current Tomcat 8.5.17 is under vote for release with +1s only. I took the
liberty to download the distributable before officially announced and am
running into an issue with it. Static file that used to download in 8.5.16 and
below now it doesn't. Chrome reports:
jquery-1.8.3.min.js:1
Hi,
Is a HTTP/2 call to Tomcat proxied via IIS / JK Connector (Tomcat Connector)
expected to succeed?
George
>> This has been fixed in 8.5.x for 8.5.15 onwards and 9.0.x for 9.0.0.M21
>> onwards.
Thanks Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Sunday, April 30, 2017 5:02 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: warning in tomcat logs
On 29/04/17 15:13, George Stanchev wrote:
> TC 8.5.14 and noticed in the logs the followin
TC 8.5.14 and noticed in the logs the following warning:
"The truststoreProvider [AnyCert] does not support the
certificateVerificationDepth configuration option"
In our case, we're using Shib's AnyCert trust manager to accept any client cert
on a particular connector as described here [1]. I
Mark,
Apologies for top posting. We have our own trust manager that is attached to
the connector because we want client certificates to be passed in the
application for validation and authentication rather than the connector. If we
switch to the OpenSSL/APR based certificate processing, would
Hi,
I am transitioning from Tomcat 7.0 to Tomcat 8.5 and I was wondering what do I
need to do to use log4j in 8.5. Reading this bug [1], it states that the
support for the for log4j has been dropped since it is EOLed. Now, there is a
comment on this issue from Mark that says that it is applied
Peter,
Depending at which slot you plug in BC in the Security context it might or it
might not get used depending on the cipher suites used by you SSL connection.
JSSE will ask Java for crypto implementation from the list of JCE providers and
if your BC is high on the list, it will get used.
It could be someone’s kids. I know mine has done similar damage. With tablets
and iphones hosting parent’s work pluce junior’s entertainment it could have
happened. Let us be gentle :)
From: Nick Childs [mailto:nchi...@ramsoft.com]
Sent: Tuesday, April 19, 2016 8:55 PM
To: Tomcat Users List
If you run tomcat via the windows server wrapper, you can
"%TOMCAT_EXE%" //US//%TOMCAT_SERVICE_NAME% --StdOutput "%TOMCAT_CONSOLE_LOG%"
--StdError "%TOMCAT_CONSOLE_LOG%"
Which will redirect the stderr and stdoout to the corresponding log files
George
-Original Message-
From: Joleen
-Original Message-
From: Rémy Maucherat [mailto:r...@apache.org]
Sent: Thursday, March 10, 2016 4:41 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: AJP protocol auto-switching default
2016-03-11 0:38 GMT+01:00 George Stanchev <gstanc...@serena.com>:
>
> Perhaps I am overlooking something, but the documentation for AJP [1]
> states for "protocol"
>
>
> The standard protocol value for an AJP connector is AJP/1.3 which uses
> an auto-switching mechanism to select either a Java based connector or
> an APR/native based connector. If the PATH
Perhaps I am overlooking something, but the documentation for AJP [1] states
for "protocol"
The standard protocol value for an AJP connector is AJP/1.3 which uses an
auto-switching mechanism to select either a Java based connector or an
APR/native based connector. If the PATH (Windows) or
It does not look like HTTP Basic. Did you try different browsers? IE, Chrome,
FF? Do you get same behavior with all? Is the user logging in member of the
domain your IWA is set up to?
If you set up a 3rd party IWA provider (such as Waffle), does it act the same
on all 3 browsers? There was a
> > However, with useRelativeRedirects="false" I see
> >
> > GET http://hostname/myapp?m=n=p
> > ==> 302: "http://hostname/login?a=b=d;
> >
> > The questions I have are 2: First, what happened with the trailing slash
> redirect. I vaguely remember discussions around it but I couldn't
> However, with useRelativeRedirects="false" I see
>
> GET http://hostname/myapp?m=n=p
> ==> 302: "http://hostname/login?a=b=d;
>
> The questions I have are 2: First, what happened with the trailing slash
> redirect. I vaguely remember discussions around it but I couldn't find
In Tomcat 7.0.67 with no "useRelativeRedirects" set on the context (which
defaults it to "true"), I see
GET http://hostname/myapp?m=n=p
==> 302: "login?a=b=d"
Now, this is expected behavior given the fix for [1]
[1] http://bz.apache.org/bugzilla/show_bug.cgi?id=56917
I reread
Hi,
Recent changes to Tomcat altered the behavior of our applications a bit so I've
got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am
aware of which is also described in the changelog for 7.0.67.
I have a filter acts on application "/myapp" that does a redirect in
Hi,
Recent changes to Tomcat altered the behavior of our applications a bit so I've
got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am
aware of which is also described in the changelog for 7.0.67.
I have a filter acts on application "/myapp" that does a redirect
You might want to explore this thread:
http://marc.info/?l=tomcat-user=145399491702444=2
which also points to this thread
http://tomcat.markmail.org/message/lyxmf5zof5csf6bn
Regards,
George
-Original Message-
From: McKenzie, Mitch [mailto:mmcken...@markelcorp.com]
Sent: Wednesday,
-logout-relogin
:
http://stackoverflow.com/questions/10229027/how-to-trigger-ssl-rehandshake-on-a-web-browser
For the time being I'll just warn the users that they are not being truly
logged out until they close all browser windows.
2016-01-29 18:56 GMT+01:00 George Stanchev <gst
-Original Message-
From: Gael Abadin [mailto:gael.aba...@imatia.com]
Sent: Friday, January 29, 2016 10:33 AM
To: Tomcat Users List
Subject: client ssl renegotiation after invalidating session
I want to invalidate the client ssl cert authentication after the user logs out
of my
On 28.10.2015 17:42, Torsten Rieger wrote:
> -Ursprüngliche Nachricht-
> Von: Aurélien Terrestris [mailto:aterrest...@gmail.com]
> Gesendet: Mittwoch, 28. Oktober 2015 16:45
> An: Tomcat Users List
> Betreff: Re: AW: Suppress or replace WWW-Authorization header
>
You need Apache, not Tomcat
-Original Message-
From: Chris Thompson [mailto:cthomp...@conveyor-dynamics.com]
Sent: Wednesday, October 28, 2015 5:20 PM
To: users@tomcat.apache.org
Subject: Tomcat Server and PHP Extensions
Does Tomcat Server support PHP extensions?
I am looking at
Aurélien,
I added good_run.pcap and bad_run.pcap to that dropbox location [1].
I also think this needs to be looked at by MS engineers. I am following up on
my support case but really not getting anywhere...
George
[1] https://www.dropbox.com/sh/az1r3agxx4w8r7e/AACRGedBG3G5oh4-qE9652WNa?dl=0
on algorithm
and the cryptographic hash function negotiated during the client hello and
server hello, and using the secret key that the client sent to the server
during the client key exchange. The handshake can be renegotiated at this time.
See the next section for details."
2015-10-1
of the ClientHello
record, not how it is wrapped which happens later when the record is being
serialized to the socket...
Anyways, thanks to all for the tip but it doesn't make a difference...still bad
mac record...
George
-Original Message-
From: George Stanchev [mailto:gstanc
/15 12:46 PM, George Stanchev wrote:
> One more clarification: on point [6] below I stated that Java is able
> to recover with a retry on a cached connection. Unfortunately that is
> only valid for higher level classes like HttpUrlConnection which makes
> 1 retry on IOException (and o
have some movement forward.
George
[1]
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
-Original Message-----
From: George Stanchev [mailto:gstanc...@serena.com]
Sent: Tuesday, October 13, 2015 10:26 AM
To: Tomcat Users List
Subject: RE: [OT] Tomcat 7.0.5
d_record_mac
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
George,
On 10/13/15 12:35 PM, George Stanchev wrote:
> [1] states: " JDK 7-9 enables SSLv2Hello on the server side only.
> (Will not send, but will accept SSLv2Hellos)"
Interesting. This absolutely makes sense, thoug
[OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description
= bad_record_mac
George,
do you have any network capture that we can see ?
2015-10-13 22:10 GMT+02:00 George Stanchev <gstanc...@serena.com>:
> >> It might be doable with OpenSSL s_client or something. Tough to
>
Aurélien Terrestris <aterrest...@gmail.com>:
> George,
>
> do you have any network capture that we can see ?
>
> 2015-10-13 22:10 GMT+02:00 George Stanchev <gstanc...@serena.com>:
>
>> >> It might be doable with OpenSSL s_client or something. Tough to
>> r
produces the problem, I'll try
with JTouch ( jtouch.sourceforge.net ) or write a small client.
2015-10-13 22:22 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>:
> George,
>
> do you have any network capture that we can see ?
>
> 2015-10-13 22:10 GMT+02:00 George Stanchev
sourceforge.net ) or write a small client.
>
>
>
>
> 2015-10-13 22:22 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>:
>
>> George,
>>
>> do you have any network capture that we can see ?
>>
>> 2015-10-13 22:10 GMT+02:00 George Stanchev <
ut to write a TLS client using a SSLv2Hello, you will call
getInstance("TLS") and setEnabledProtocols("SSLv2").
I hope things are more understandable :)
2015-10-13 23:12 GMT+02:00 George Stanchev <gstanc...@serena.com>:
> Ok, may be you are ahead of me on t
's working.
Not making advertisement for my software here, but,.. ;)
2015-10-13 23:20 GMT+02:00 George Stanchev <gstanc...@serena.com>:
> Just as a side note, https.protocols is read by HttpsUrlConnection
> which feeds it down through setEnabledProtocols() on the SSL socket. "
Just for the record, https.protocols is a property used by the
HttpsUrlConnection class. If your app is using a client that doesn't rely on
the internal Oracle HTTP client, it's better to use " jdk.tls.client.protocols"
which is read directly by the socket/SSL classes. Apache Http Client is one
-level
sockets just throw and that’s it...
-Original Message-
From: George Stanchev [mailto:gstanc...@serena.com]
Sent: Friday, October 09, 2015 10:40 AM
To: Tomcat Users List
Subject: RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description
= bad_record_mac
Just for the record
Mark,
What are the possible issues with renegotiation? We're on NIO connectors, is
there anything known?
George
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, October 05, 2015 8:32 AM
To: Tomcat Users List
Subject: Re: Demand CLIENT-CERT only on certain
Hi Diarmuid,
We have run similar issue with client cert SSL. Is your 3rd party web service
hosted on Windows/IIS?
George
-Original Message-
From: dmccrthy [mailto:dmccr...@gmail.com]
Sent: Tuesday, September 01, 2015 11:07 AM
To: Tomcat Users List
Subject: Tomcat 7.0.55 Not loading
For SOAP, you *MUST* send back 500 or 400 with your SOAP fault back.
[1] http://www.w3.org/TR/soap12-part2/#tabresstatereccodes
-Original Message-
From: Leo Donahue [mailto:donahu...@gmail.com]
Sent: Saturday, June 27, 2015 11:45 PM
To: Tomcat Users List
Subject: [OT] Re: Filter
processing error.
George
[1] http://www.w3.org/TR/2000/NOTE-SOAP-2508/#_Toc478383529
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Monday, June 29, 2015 8:56 AM
To: Tomcat Users List
Subject: Re: [OT] Re: Filter behaviour
George Stanchev wrote:
For SOAP, you
: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, June 26, 2015 10:06 AM
To: Tomcat Users List
Subject: Re: Forcing SSL Renotiation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
George,
On 6/26/15 10:04 AM, George Stanchev wrote:
You didn't specify your Tomcat version
Hi Steffen
You didn't specify your Tomcat version. In Tomcat 7 or 8 or 9 we use the
following code. Not sure if it will work on 6. For a long time until very
recently we were stuck on 5.5 and the attribute below is not available. So I
had to write a reflection introspection to drill down to
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Wednesday, June 24, 2015 8:37 AM
To: Tomcat Users List
Subject: Re: useServerCipherSuitesOrder in 7.0.62
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
George,
On 6/15/15 10:08 AM, George Stanchev wrote
Is there any chance for the OpenSSL-style ciphers to be backported to the 7
release line?
-Original Message-
From: George Stanchev [mailto:gstanc...@serena.com]
Sent: Saturday, June 13, 2015 11:41 AM
To: Tomcat Users List
Subject: RE: useServerCipherSuitesOrder in 7.0.62
Thanks
Subject: Re: useServerCipherSuitesOrder in 7.0.62
2015-06-13 15:36 GMT+03:00 George Stanchev gstanc...@serena.com:
Hi,
I was looking at [1] and it looks the new attribute is available in 7.0.61
onwards as per Violeta's comment. However I cannot find this new attribute in
the HTTP connector
Hi,
I was looking at [1] and it looks the new attribute is available in 7.0.61
onwards as per Violeta's comment. However I cannot find this new attribute in
the HTTP connector documentation [2] nor the changelog [3]. Can someone confirm
or deny the availability of this attribute
Chris, thanks for sharing this. I've recently ran across a similar tool:
http://www.bolet.org/TestSSLServer/
That does the same thing as your code but may be a little bit more elaborate.
It also has a source code on link. Since you has shared your code, I might as
well share this - the more
I don't see where he blamed the developers for anything. The poster even
admitted it was their fault. I think it is reasonable to warn the OP that any
change can result in issue. Even if you're doing everything correctly, there is
a change of running in a new Tomcat issue or a regression or
Hello,
What is the schedule for Connectors release? Is a release scheduled when a
critical mass of issues fixed or a major problem is resolved or a regular
time-based release?
George
1 - 100 of 101 matches
Mail list logo