[2xOT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

2017-08-11 Thread Kreuser, Peter
I'm glad that we get so well over serious problems. Made my day :-) ! PS: André: Sorry for the top post. PPS: James: I still can't get over it, that you run Tomcat on AS400, my first contact to production systems back in '90. -Ursprüngliche Nachricht- Von: André Warnier (tomcat)

AW: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

2017-08-10 Thread Kreuser, Peter
Hi all, >-Ursprüngliche Nachricht- >Von: André Warnier (tomcat) [mailto:a...@ice-sa.com] >Gesendet: Donnerstag, 10. August 2017 11:34 >An: users@tomcat.apache.org >Betreff: Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It >can't be reached from outside the box.

AW: Response cut off after 10 seconds when using NIO2 connector

2017-07-12 Thread Kreuser, Peter
Hi Matt, > -Ursprüngliche Nachricht- > Von: Matt Cosentino [mailto:mcosent...@cacorp.com] > Gesendet: Dienstag, 11. Juli 2017 19:35 > An: Tomcat Users List > Betreff: Response cut off after 10 seconds when using NIO2 connector > > I'm using Tomcat 8.5.16 with

AW: Connection pool issue was in with 7.0.52 version? And it is fixed in 7.0.78 version?

2017-06-19 Thread Kreuser, Peter
Sai, May I suggest that you update your production system and see if that helps? No matter if the problem is in the tomcat version or your software, Tomcat 7.0.52 is over three years old, and contains many security related problems. From the release notes I see also quite a few performance and

AW: JVM Crash in tcnative due to concurrency/timing in HTTP/2

2017-06-13 Thread Kreuser, Peter
Mark, > On 09/06/17 16:02, Kreuser, Peter wrote: > > Hi all, > > > > Sorry for the long text. I hope somebody can help me track down the problem > > I'm facing with Tomcat (8.5.15), tcnative (1.2.12), openssl (1.1.0e) and > > HTTP/2. JVM is zulu-8.21

JVM Crash in tcnative due to concurrency/timing in HTTP/2

2017-06-09 Thread Kreuser, Peter
Hi all, Sorry for the long text. I hope somebody can help me track down the problem I'm facing with Tomcat (8.5.15), tcnative (1.2.12), openssl (1.1.0e) and HTTP/2. JVM is zulu-8.21.0.1 (1.8.0_131-b11) I've added (already for a long time) the logging of the ssl_cipher to the accesslog. For

AW: how to upgrade tomcat 8.5.x?

2017-05-16 Thread Kreuser, Peter
Igal, -Ursprüngliche Nachricht- > Von: Igal @ Lucee.org [mailto:i...@lucee.org] > Gesendet: Dienstag, 16. Mai 2017 16:44 > An: Tomcat Users List; modjkl...@comcast.net > Betreff: Re: how to upgrade tomcat 8.5.x? > > On 5/16/2017 6:37 AM, modjkl...@comcast.net wrote: > > I assume I need

AW: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-04-27 Thread Kreuser, Peter
Hi (WhoEverYouMayBe - you may want to sign with a name???), > Server version:Apache Tomcat/8.5.11 > Server built: Jan 10 2017 21:02:52 UTC > Server number: 8.5.11.0 > OS Name: Linux > OS Version:3.10.0-514.16.1.el7.x86_64 > Architecture:

AW: sendFiles vs. compression

2017-04-18 Thread Kreuser, Peter
Hi Cris, > Excellent information. Thank you! > > Is there a way to create a split point where sendFile will handle files of > certain mime types (or all mime-types except for an exclusion list of mime > types) and/or of certain sizes while compression will handle files of other > mime-types

AW: Apache Tomcat/8.0.36 HTTPS implementation - Red Hat Enterprise Linux Server release 6.8 (Santiago)

2017-03-28 Thread Kreuser, Peter
Hi Eric, > Dear all, > > > I need to implement secure connection within tomcat. That's why I need to > implement certificate on tomcat. > I've made a CSR in order for my company to provide me certificates and CA. > I've implemented the configuration in TOMCAT to activate https to use my >

AW: Operation has timed out

2017-02-07 Thread Kreuser, Peter
Fady, Sorry for top posting. If I remember correctly, the Cluster Element goes into the Container and not the Host. Plus I see in our (working) case, a DeltaManager and a JvmRouteSessionIDBinderListener ... Besides this, only ports, limits and values are different. You may

AW: https redirect failed for POST request when behind a load balancer

2017-01-25 Thread Kreuser, Peter
en after that all links, forms will be on https. Best regards Peter > Our engineer who has access to the load balancer is off today, will get some > log info on the load balancer side about the redirect. > > Thank you, > > Bin > > -Original Message- > From: Kreu

AW: https redirect failed for POST request when behind a load balancer

2017-01-24 Thread Kreuser, Peter
Bin, > Peter: > To answer your questions > 1. The response header when using 8080 to post, I got: > > Status Code: 405 Method Not Allowed > Allow: POST > Cache-Control: private > Content-Language: en > Content-Length: 1045 > Content-Type: text/html;charset=utf-8 >

AW: https redirect failed for POST request when behind a load balancer

2017-01-23 Thread Kreuser, Peter
eter > > Bin > > -Original Message- > From: Kreuser, Peter [mailto:pkreu...@airplus.com] > Sent: Friday, January 20, 2017 1:43 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: AW: https redirect failed for POST request when behind a load >

AW: https redirect failed for POST request when behind a load balancer

2017-01-20 Thread Kreuser, Peter
Hi Bin > Konstantin: > Thank you very much for your reply. To answer your question > > 1. The api-lb and lb-api was a typo. > > 2. I was able to reproduce this problem with a single server behind the > load balancer. > Where http://lb-test-api:8080 was set to forward to

AW: Vulnerability Issue with Apache Tomcat 8.0.15 with CSRF token

2017-01-10 Thread Kreuser, Peter
Hi Abishek,   > -Ursprüngliche Nachricht- > Von: Kumar, Abhishek (IT Information Services ) > [mailto:abhishek.kum...@originenergy.com.au] > Gesendet: Dienstag, 10. Januar 2017 12:17 > An: users@tomcat.apache.org > Betreff: Vulnerability Issue with Apache Tomcat

AW: 8.5.4 to 8.5.5 SSL Issue

2016-10-25 Thread Kreuser, Peter
Dear all, > On Sun, Oct 23, 2016 at 3:15 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > >

Mod_jk 1.2.42 fails at startup with shared memory failure

2016-10-12 Thread Kreuser, Peter
Hi all, Hi Mark, I see one change in the newest mod_jk (see below), that stops Apache in my configuration: The discussion on this bug is valid https://bz.apache.org/bugzilla/show_bug.cgi?id=59184, however I would like to see an explanation o why the shm may fail! Docker 1.12 Debian Stretch

AW: Tomcat 8 HTTPS issue with old browser

2016-10-05 Thread Kreuser, Peter
Objections Chris, > André, > > On 10/4/16 7:59 AM, André Warnier (tomcat) wrote: > > On 04.10.2016 12:43, Garratt, Dave wrote: > >> To elaborate, there is only this single application running on > >> the server. All other web applications use Windows IIS. > >> > >> I have mentioned that the

AW: Tomcat 8 HTTPS issue with old browser

2016-10-04 Thread Kreuser, Peter
Dave, > The requirement for HTTPS is only a recent requirement and the application is > now heavily dependent on Java 8. At this point I don’t know just how old a > version of Tomcat I would need to make it work and I would have to make > significant changes to the code in order to make it

AW: Tomcat 7.0.65 + Java 6 Update 121 64-bit - Cipher Suite Names

2016-09-21 Thread Kreuser, Peter
Roman, >I know it did not worked because as soon as I add the ciphers entry to the >SSL HTTPS connector in the server.xml file, it tells me that value is not >supported. > >On Wed, Sep 21, 2016 at 6:45 PM, Mark Thomas wrote: > >> On 21/09/2016 11:22, Román Valoria wrote: >> >

AW: Tomcat 7.0.65 + Java 6 Update 121 64-bit - Cipher Suite Names

2016-09-21 Thread Kreuser, Peter
Roman, > On 21/09/2016 11:22, Román Valoria wrote: > > Before anyone tells me, I cannot upgrade either Tomcat or Java to the > > latest major release. > > > > My setup is running on Windows Server 2008 R2 64-bit OS. > > What configuration have you tried? > > How do you know it didn't work? >

AW: Restrict access to manager app by IP

2016-09-02 Thread Kreuser, Peter
Hi Yuval, > -Ursprüngliche Nachricht- > Von: Yuval Schwartz [mailto:yuval.schwa...@gmail.com] > Gesendet: Freitag, 2. September 2016 13:28 > An: Tomcat Users List > Betreff: Restrict access to manager app by IP > > Tomcat: 8.0.22 > JDK: 1.8.0_05 > > Hello, > > I am currently running

AW: AW: TCNative 1.2.8 with openssl 1.1.0

2016-09-01 Thread Kreuser, Peter
Chris, > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > > On 8/31/16 7:21 AM, Mark Thomas wrote: > > On 31/08/2016 12:18, Kreuser, Peter wrote: > >> > >> Christopher, > >> > >>> On 8/30/16 10:18 AM, Kreuser, Pete

AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-31 Thread Kreuser, Peter
Mark, > On 31/08/2016 12:18, Kreuser, Peter wrote: > > > Christopher, > > On 8/30/16 10:18 AM, Kreuser, Peter wrote: > > On 30/08/2016 10:23, Kreuser, Peter wrote: > > Hi all, > > I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd >

AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-31 Thread Kreuser, Peter
Christopher, > On 8/30/16 10:18 AM, Kreuser, Peter wrote: > > On 30/08/2016 10:23, Kreuser, Peter wrote: > > Hi all, > > I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd > proves that it is linked). I have set the cipher string to the > newly supp

AW: TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Kreuser, Peter
> On 30/08/2016 10:23, Kreuser, Peter wrote: > > Hi all, > > I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it > is > linked). I have set the cipher string to the newly supported ciphers: > > > ciphers="ECDH

TCNative 1.2.8 with openssl 1.1.0

2016-08-30 Thread Kreuser, Peter
Hi all, I have compiled tcnative 1.2.8 with the new openssl 1.1.0 (ldd proves that it is linked). I have set the cipher string to the newly supported ciphers: ciphers="ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-

AW: 8.5.3 to 8.5.4 SSL Issue

2016-08-22 Thread Kreuser, Peter
Chuck, > > Hello, > > I am having issues when upgrading from 8.5.3 to 8.5.4 with SSL. It seems > that my config from 8.5.3 is not working with 8.5.4 when using the same > exact file. The majority of the server.xml is stock, but here what I > manually have changed and it is where I am

AW: A way for user to specify DH parameter to tomcat !

2016-08-19 Thread Kreuser, Peter
Hi Utkarsh >Von: Utkarsh Dave [mailto:utkarshkd...@gmail.com] >Gesendet: Donnerstag, 18. August 2016 08:18 >An: Tomcat Users List >Betreff: Re: A way for user to specify DH parameter to tomcat ! > >Thanks a lot Chris and Violeta. > >On Wed, Aug 17, 2016 at 1:59 PM, Utkarsh Dave

AW: AW: Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-28 Thread Kreuser, Peter
Mark, > >On 27/04/2016 10:01, Kreuser, Peter wrote: >> Mark, >> >> I read that you ported all the new SSL functionality to 8.5, so my first >> guess was, that if that problem was new, you might want to know what's wrong >> ;-). >> >>>

AW: AW: Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-27 Thread Kreuser, Peter
> >-Ursprüngliche Nachricht- >On 27/04/2016 10:01, Kreuser, Peter wrote: >> Mark, >> >> I read that you ported all the new SSL functionality to 8.5, so my first >> guess was, that if that problem was new, you might want to know what's wrong >> ;-

AW: Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

2016-04-27 Thread Kreuser, Peter
was fine On 27/04/2016 10:39, Kreuser, Peter wrote: > Hi all, > > I have a strange problem with Tomcat 8.5. Using the exact same setup as > Tomcat 8.0 (connector and keystore) ssllabs will downgrade my setup from A to > B because of a missing intermediate certificate. http://sv

Tomcat 8.5: Certificate Chain Incomplete - Tomcat 8.0 was fine

2016-04-27 Thread Kreuser, Peter
Hi all, I have a strange problem with Tomcat 8.5. Using the exact same setup as Tomcat 8.0 (connector and keystore) ssllabs will downgrade my setup from A to B because of a missing intermediate certificate. I have the two versions working side by side on two ports. Openssl on the two

AW: Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-27 Thread Kreuser, Peter
Mark, I read that you ported all the new SSL functionality to 8.5, so my first guess was, that if that problem was new, you might want to know what's wrong ;-). >On 25/04/2016 17:10, Kreuser, Peter wrote: >> Hi there, >> >> I have setup Tomcat 8.5 with the all new

Tomcat 8.5 Nio2: java.lang.IllegalStateException: Failed to create Processor for negotiated protocol [""]

2016-04-25 Thread Kreuser, Peter
Hi there, I have setup Tomcat 8.5 with the all new SSL Config and HTTP/2. To test the setup I use testssl.sh (https://testssl.sh ) . The scan is successful, also stating HTTP/2 is working. So far so good. However I see the following exception in the Logs: 25-Apr-2016 17:36:16.697 SEVERE

AW: Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-20 Thread Kreuser, Peter
-Ursprüngliche Nachricht- Von: Mark Thomas [mailto:ma...@apache.org] Gesendet: Freitag, 17. Juli 2015 12:33 An: Tomcat Users List Betreff: Re: Question concerning mod_jk Security Fix CVE-2014-8111 On 16/07/2015 13:16, Kreuser, Peter wrote: Please let me repeat my question from

Question concerning mod_jk Security Fix CVE-2014-8111

2015-07-16 Thread Kreuser, Peter
Please let me repeat my question from June 6th: Why is this CVE still not addressed in Apache Tomcat JK Connectors vulnerabilities http://tomcat.apache.org/security-jk.html? http://www.cvedetails.com/cve/CVE-2014-8111/ - Hi, could you please tell us, when the

Question concerning mod_jk Security Fix CVE-2014-8111

2015-06-08 Thread Kreuser, Peter
Hi, could you please tell us, when the fixed mod_jk-Version 1.2.41 will be publicly available? The webpage does not mention any vulnerability at all, plus no newer release than the vulnerable 1.2.40. For now RedHat mentions only the fix to the source code from December 2014.