Greetings, Folks
This plan about Tomcat security is very nice. We look forward to the meetings.
Could we have a session related to " Best practices for using Tomcat +
(Apache Web Server) Forward Proxy (FP) combo in a real production environment "
where an application hosted in Tomcat (web) c
Hi Ezsra,
This is an answer to your query - " Why is Tomcat not using
the TLSv1.2 protocol?"
I assume you are using Oracle JDK v8u281
You may want to review the following line in the file : /jre/lib/security/
java.security
jdk.tls.disabledAlgorithms=??
The following ol
Hi Chris,
-Original Message-
From: Christopher Schultz
Sent: Tuesday, May 25, 2021 9:10 AM
To: users@tomcat.apache.org
Subject: Re: Tomcat SSL stops working after an undetermined amount of time
Ronald,
On 5/25/21 09:31, Roskens, Ronald wrote:
>
>> -Original Message-
>> From:
st the "sslProtocol" to "protocols"
>> change in our lower environments. I will reply back with any findings.
>>
>> Thank you everyone for your responses.
>>
>> regards,
>>
>> -- Ez
>>
>> On Tue, May 25, 2021 at 10:48 AM
topher Schultz <
ch...@christopherschultz.net> wrote:
> Raghunath,
>
> On 5/26/21 19:08, Mysore, Raghunath wrote:
> > To track if BC is configured in your environment, you may want to
> > assess if BC is listed as a "security.provider" in the following
> > &qu
You could try using the Oracle utility - "jstat" - for analyzing the GC in an
active Java process (PID)
The "gcold" option helps us to peep into the Old Generation area
jstat -gcold PID
jstat -gcoldcapacity PID
https://docs.oracle.com/javase/8/docs/technotes/tools/unix/jstat.html
-Orig
You may want to try the following "verbose" option
-Djavax.net.debug=ssl:handshake:verbose
-Original Message-
From: Ragavendhiran Bhiman (rabhiman)
Sent: Tuesday, June 8, 2021 7:48 AM
To: users@tomcat.apache.org
Subject: Need help on ssl handshake logging for audit purpose
Hi All,
In o
specify the JSSE provider. Perhaps we should
expose that to the administrator in some way.
-chris
> On Thu, May 27, 2021 at 11:23 AM Mysore, Raghunath
>
> wrote:
>
>> Hi Ezsra,
>> I concur with suggestions from Chris Schultz.
>> Would you clar