Re: Simple SSL question

2022-08-11 Thread Peter Kreuser
single host. >>> That's just not possible with the one-attribute-to-rule-them-all >>> configuration >>> where everything is on the element. >>> I have tried all the fancy new cert options and they are cool. And I do agree that it's more readable. What woul

Re: SSLLabs scan shows TLSv1.0 and TLSv1.1 even though I have sslProtocol="TLSv1.2"

2022-08-10 Thread Peter Kreuser
doc/config/http.html#SSL_Support Peter > Am 10.08.2022 um 00:15 schrieb James H. H. Lampert > : > > I think this may have come up before, but I don't recall how it was resolved. > > On customer box #1, I have: > address="" > maxThrea

Re: AW: SSL issue with Tomcat 6.0.45 and JRE 1.8.0

2022-06-17 Thread Peter Chamberlain
;>> that > >>> may > >>>> be in there (e.g. passwords). > >>>> > >>>> -chris > >>>> > >>> > > > > The error says that the client and the server couldn’t find a common > cipher suite. > > They couldn’t agree on any cipher. > > Does your keystore contain a valid private key? > > The problem is likely that Tomcat 6 (which is ancient) defaults to TLSv1 > and no higher (this is a guess; I'm not bothering to look at a > 14-year-old version of Tomcat to figure out what the problem really is). > The client isn't willing to connect to such an ancient version of any > protocol, so it fails with the handshake failure. > > > Maybe you can try to print out all available cipher suites on your > environment: > > > https://stackoverflow.com/questions/9333504/how-can-i-list-the-available-cipher-algorithms > > You can add the code to a jsp-page and print out the available > algorithms. > > Try explicitly setting the "enabled protocols" to "TLSv1, TLSv1.1, > TLSv1.2, TLSv1.3" -- however that's done in that dinosaur of a Tomcat > version. It might be enabledProtocols="..." it might be > SSLProtocols="..." and it might have a lot to do with whether or not > APR/native is being used, too. > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > Could this be an issue with the java jdk security disabled algorithms? Later versions of jdk 8 disabled TLSv1 and TLSv1.1 by default, and you have to change the jre/jdk conf/security/java.security file to fix it for older use cases. -- *Peter Chamberlain*

Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-28 Thread Peter Chiu
This is what I am using. Hope this helps. https://orclcs.blogspot.com/2017/04/enable-hsts-in-tomcat.html On Thu, Apr 28, 2022 at 3:11 PM Kaushal Shriyan wrote: > Hi, > > I am running the tomcat version 9.0.56 on CentOS Linux release 7.9.2009 > (Core) and trying to configure HTTP Strict

Re: [OT] Getting TLS handshake details

2022-04-15 Thread Peter Kreuser
Chris, > Am 14.04.2022 um 23:21 schrieb Christopher Schultz > : > > Peter, > >> On 4/14/22 03:45, Peter Kreuser wrote: >> Chris, >>>> Am 13.04.2022 um 21:37 schrieb Christopher Schultz >>>> : >>> All, >>> I asked this

Re: [OT] Getting TLS handshake details

2022-04-14 Thread Peter Kreuser
s Do you know testssl.sh? If I want to know how to handle a specific tls problem I check in Dirk's code and start from there... Peter > Thanks, > -chris

Aw: PostConstruct annotation in a filter since version 9.0.60

2022-04-03 Thread Peter Rader
PostConstruct is for dependency-injection. A vanilla tomcat does no dependency injection. Can you confirm you have a vanilla tomcat?   Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 6 29 33 29 6

Re: Apex SSO

2022-03-25 Thread Peter Chiu
hostname. Hope this helps. On Fri, Mar 25, 2022 at 8:54 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > Peter, > > On 3/24/22 14:54, Peter Chiu wrote: > > I will email you directly. For the group knowledge, there is nothing > > special you need to do on

Re: Fwd: tomcat 9.50 - rewrite rule question

2022-03-24 Thread Peter Chiu
Application builder->Your application->Shared Components->Application Definition Attributes->Properties->Friendly URLs On Thu, Mar 24, 2022 at 3:25 PM rupali singh wrote: > Hi, > > How we can enable friendly url in apex? > > > > On Fri, Mar 25, 2022, 12:48

Re: Fwd: tomcat 9.50 - rewrite rule question

2022-03-24 Thread Peter Chiu
Have you considered doing the following: 1. custom URL/domain, and 2. enable Friendly URLs in APEX On Thu, Mar 24, 2022 at 3:09 PM Felix Schumacher < felix.schumac...@internetallee.de> wrote: > > Am 24.03.22 um 19:23 schrieb rupali singh: > > hi, > > yes context name is apex. > > Good to know. > >

Re: Apex SSO

2022-03-24 Thread Peter Chiu
I will email you directly. For the group knowledge, there is nothing special you need to do on Tomcat if it is not behind a proxy. On Thu, Mar 24, 2022 at 1:51 PM rupali singh wrote: > Hi Peter, > > Are u using apache web server with tomcat or its only tomcat . > if possible ca

Re: Apex SSO

2022-03-24 Thread Peter Chiu
I have a working APEX SSO against Azure AD or On-Premise AD. On Thu, Mar 24, 2022 at 1:13 PM rupali singh wrote: > HI Team, > > We are using apex 21.1 with tomcat 9.54. > we want to implement SSO for application deployed in Apex with IDCS > reference URL : > >

PGP signature on the latest Tomcat release

2021-12-12 Thread Gershkovich, Peter
! Peter gpg --verify apache-tomcat-9.0.56.tar.gz.asc.txt apache-tomcat-9.0.56.tar.gz gpg: Signature made Thu Dec 2 09:31:59 2021 EST using RSA key ID 359E722B gpg: requesting key 359E722B from hkps server hkps.pool.sks-keyservers.net<http://hkps.pool.sks-keyservers.net> gpgkeys: HTTP fetch e

Aw: Tomcat - Deployment

2021-11-07 Thread Peter Rader
to solve the bug your developers are in charge IMO. Please provide the stacktrace to your developers in order to solve the problem.   Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 6 29 33 29 6 Fax: 0049

Aw: Re: tomcat hangs

2021-09-13 Thread Peter Rader
Chris, > Gesendet: Donnerstag, 09. September 2021 um 22:15 Uhr > Von: "Christopher Schultz" > An: users@tomcat.apache.org > Betreff: Re: Aw: tomcat hangs > Peter, > > On 9/9/21 08:21, Peter Rader wrote: > > I might have noticed a similar issue: I ran the JVM in

Aw: tomcat hangs

2021-09-09 Thread Peter Rader
I might have noticed a similar issue: I ran the JVM in a linux OS on a VM (in virtualbox btw). The jdk for some reason requests a random number. The JDK asks the LinuxOS for a new random number (maybe in the hope to use a hardware-based TRNG). Since this linux in virtualbox is not-so low-level the

Re: Apache Tomcat 9 | Tomcat starting issue

2021-08-23 Thread Peter Chamberlain
iner, it starts for a few seconds and > stops (port 8080 listens for a while). Nothing in logs. > > $ catalina.sh run (tried with "jpda start" or "debug" options as well) > $ ps aux |grep java --> show the pro

Re: Connector Port Issue

2021-08-05 Thread Peter Kreuser
43] >> > The ssl-Options are not attributes on the connector, but the SSLHostConfig http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#Common_Attributes http://tomcat.apache.org/tomcat-10.0-doc/config/http.html#SSL_Support

Re: Understanding issues with connection refused when redirecting internally

2021-04-12 Thread Peter Chamberlain
On Mon, 12 Apr 2021, 09:07 Mark Thomas, wrote: > On 11/04/2021 11:03, Peter Chamberlain wrote: > > > > > I've been investigating this some more, as I'm not convinced nio2 isn't > > behaving strangely in this case. I think there may have been some sort of > > rever

Re: Understanding issues with connection refused when redirecting internally

2021-04-11 Thread Peter Chamberlain
On Fri, 9 Apr 2021 at 18:12, Peter Chamberlain wrote: > > > On Fri, 9 Apr 2021, 14:10 Christopher Schultz, < > ch...@christopherschultz.net> wrote: > >> Peter, >> >> On 4/9/21 06:53, Peter Chamberlain wrote: >> > Hello, >> > I've been t

Re: Understanding issues with connection refused when redirecting internally

2021-04-09 Thread Peter Chamberlain
On Fri, 9 Apr 2021, 14:10 Christopher Schultz, wrote: > Peter, > > On 4/9/21 06:53, Peter Chamberlain wrote: > > Hello, > > I've been trying to understand the behaviour of tomcat when handling > > internal redirects. I'm testing using tomcat 9.0.38. I'm testing using

Re: Understanding issues with connection refused when redirecting internally

2021-04-09 Thread Peter Chamberlain
On Fri, 9 Apr 2021, 14:29 Mark Thomas, wrote: > On 09/04/2021 11:53, Peter Chamberlain wrote: > > Hello, > > I've been trying to understand the behaviour of tomcat when handling > > internal redirects. I'm testing using tomcat 9.0.38. I'm testing using > > jdk8 1.8.0_2

Understanding issues with connection refused when redirecting internally

2021-04-09 Thread Peter Chamberlain
Apologies if this has been covered elsewhere before, I have been searching but haven't found anything particularly clear covering this. Best regards, Peter

Re: [OT] programming style or mental process ?

2021-04-05 Thread Peter Kreuser
f" is always executed, and s is always null. > > If you switch the operands, the compiler will fail because you can't assign a > value to null: > > if(null = s ) { >// Compiler will refuse to compile > } > Isn‘t it true that only one bit difference would result

IDNs emoji replaced by punycode - how to remain with emoji?

2021-03-08 Thread Peter Rader
--x7h.example.com in Chrome, Edge and Firefox (did not test more).   How to remain with emoji IDN in the browser URL?   Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 6 29 33 29 6 Fax: 0049 (0)30 / 6 29 33 29 6

Re: Question about TLS/SSL setup and SSLHostConfig or not

2021-03-02 Thread Peter Kreuser
cat-9.0-doc/ssl-howto.html >>> http://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html >>> >>> ``` >>> >>> >> protocol="org.apache.coyote.http11.Http11NioProtocol" >>> port="8443" maxThrea

Re: Browser complains of "weak signature algorithm" in cert on a new Tomcat installation. Does anybody here know anything about that sort of thing

2021-01-06 Thread Peter Kreuser
ser, it complained, > something to the general effect of "weak signature algorithm." > I guess they never upgraded their CA and still sign the certs with SHA1 or even MD5. They should change that for sure! Peter > While it's not really my problem (and is only connected t

Re: Deploying war, Negative Date exception

2020-10-12 Thread Peter Henderson
On Mon, 12 Oct 2020 at 14:50, Mark Thomas wrote: > On 12/10/2020 13:53, Mark Thomas wrote: > > On 12/10/2020 12:49, Mark Thomas wrote: > >> On 12/10/2020 12:19, Peter Henderson wrote: > >>> Hello fellow tomcat users. > >>> > >>> My enviro

Deploying war, Negative Date exception

2020-10-12 Thread Peter Henderson
seeing this exception when I upgraded my projects build tool version from sbt.version=1.3.10 to sbt.version=1.4.0 Is this a tomcat bug, a build tool bug or most likely something I'm doing wrong? Thanks Peter. [0] https://github.com/bollinger/NegativeDate [1] https://github.com/bollinger

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-27 Thread Peter Kreuser
! To me a bug in the scanner plugin! My 2ct. Peter > Am 27.08.2020 um 09:47 schrieb Mark Thomas : > > On 27/08/2020 06:31, Terence M. Bandoian wrote: >> On 8/26/2020 11:27 PM, Pratik Shrestha wrote: > > > >>> For me, there are two options for the fix which I am no

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-25 Thread Peter Kreuser
Tomcat version 7 used to send the error 'ERR_EMPTY_RESP' which > should still be okay. > > We already tried to find the fix for this issue on the web but in vain. > > Kindly help if anyone has found a way to fix it. > > Regards, > Pratik Peter --

Re: Request for Help

2020-07-29 Thread Peter Rader
Hello Mohan,   please tell if you are using 1. the JSP technology inside the application 2. what JDK version on server-side   Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 6 29 33 29 6 Fax: 0049

Re: Error in stopping application tomcat !!

2020-07-25 Thread Peter Kreuser
her bugzilla or the release notes! > Please suggest the probable fix to make this smooth. > For now it may be as simple as sending SIGKILL to the java process. Apparently some resources in your app don‘t want to terminate. My 2ct. Peter >> On Sat, Jul 25, 2020 at 11:03 AM Kushagra Bin

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

2020-04-09 Thread Peter Kreuser
g/docs/2.4/mod/mod_proxy.html#proxypass > > Apparently, the documentation would recommend something like the following: > > >ProxyPass "!" > > >ProxyPass "!" > > > I think that the above is probably easier to read and more spe

Aw: Re: Re: /META-INF/resources/ and Chrome's DevTools

2020-04-07 Thread Peter Rader
> Betreff: Re: Aw: Re: /META-INF/resources/ and Chrome's DevTools >  On 06/04/2020 09:16, Peter Rader wrote: > > Hello Konstantin Kolinko, >  > > > I tried to use the PreResource but it does not work. >  > > > 2020-04-06 10:13:05 WARNUNG org.apache.tomcat.util.

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

2020-04-06 Thread Peter Kreuser
ssary for your tomcat application need to be sent or maybe rewritten. You may need to set the correct attributes on your connector, so the URLs are correctly rewritten (port 8080/8443 in tomcat should be https 443 to the outside! Cookies may

Aw: Re: /META-INF/resources/ and Chrome's DevTools

2020-04-06 Thread Peter Rader
Any idea? > > Gesendet: Montag, 16. März 2020 um 01:01 Uhr > Von: "Konstantin Kolinko" > An: "Tomcat Users List" > Betreff: Re: /META-INF/resources/ and Chrome's DevTools > ??, 15 ???. 2020 ?. ? 13:47, Peter Rader : > > > > I have my def

Aw: Re: /META-INF/resources/ and Chrome's DevTools

2020-03-16 Thread Peter Rader
ntext] > Since beside the frontend.jar I have other jars who serve static resources. This means I must have multiple docBases what is not possible AFAIK. > > Best regards, > Konstantin Kolinko Kind regards Peter Rader

Aw: /META-INF/resources/ and Chrome's DevTools

2020-03-15 Thread Peter Rader
I wrote a little WebFilter for this task. https://github.com/enexusde/devtools-tomcat-bypass Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 20 9930560 Fax: 0049 (0)30 / 20 9930561 Handy: 0049 (0

/META-INF/resources/ and Chrome's DevTools

2020-03-15 Thread Peter Rader
. Pack the war 3. Redeploy the war. This process takes a length of about 5 minutes. It is reloading the application and package the jars/wars for the sake of 1 byte change. The Question: Can I map a single resource to a file dynamically without reloading the application. Kind regards Peter

Aw: Installing a program designed for Tomcat 5.5 on Tomcat 9

2020-02-08 Thread Peter Rader
I am pretty sure that you could use the JVM/JDK's endorsed folder. They usually have their place in \lib\endorsed . Kind regards Peter Rader

Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-03 Thread Peter Rader
if - a WAR is rejected because of its size, the Manager would never ever write "Hey dude, I am deploying your web application XXX!". Right? Anyway I found it by myself. > On 2/2/20 4:48 PM, Peter Rader wrote: > > The old version of the application had a daemon that hav

Aw: Re: SOLVED - Re: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
> Please post updates to the original thread. This is the original thread. > As suggested in the original thread, it was a permissions issue ... > permission denied because the port was already in use : ) Why do you think it is a permission issue? I already disproved that! How can you break it

SOLVED - Re: Aw: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
The old version of the application had a daemon that has not yet finished its execution. Unfortunately there is no further logging why the old version has not stopped yet. I expected to have the "mvn redeploy" waiting forever for this daemon-locked problem. What I can not do is write a bug report

Aw: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
Thank you for your reply. > Always look for the last "Caused by" in a stack trace for root cause. An > "IOException: Error writing to server" is indicative of a permissions > issue - I would start there, possibly the user account running the process. As pointed out in No. 3 the log said that the

mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
0 FINE [http-nio-80-exec-6] org.apache.coyote.http11.Http11InputBuffer.parseRequestLine Received [PUT /manager/text/deploy?path=xxx==true HTTP/1.1 Please notice the two deployment threads: -6 and -5 Any ideas? Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter

Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris, > Am 28.01.2020 um 18:02 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 1/28/20 11:30 AM, Peter Kreuser wrote: >> Peter Kreuser >>> Am 28.01.2020 um 16:34 schrieb Christopher

Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris, Peter Kreuser > Am 28.01.2020 um 16:34 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >>>>> On 1/27/20 3:35 PM, logo wrote: >> Could you try >> openssl pkcs12 -export -in my.crt -

Antwort: Tomcat 7: Access Valve pattern cipher, SSL Protocol

2020-01-16 Thread Peter Köhler
Hi Palod, i think you can do it with: JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake" Regards peter Von:"Palod, Manish" An: "users@tomcat.apache.org" Datum: 16.01.2020 15:58 Betreff:Tomcat 7: Access Valve pattern cipher, SSL P

Fw: Antwort: Tomcat9, JSP, CSS and JS not loading in Firefox

2020-01-15 Thread Peter Köhler
- Weitergeleitet von Peter Köhler/BN/DWD am 15.01.2020 15:50 - Von:Peter Köhler An: "Tomcat Users List" Datum: 15.01.2020 15:49 Betreff:Antwort: Tomcat9, JSP, CSS and JS not loading in Firefox Von:Léa Massiot An: users@tomcat.apache.org Datum: 15.

Antwort: Tomcat9, JSP, CSS and JS not loading in Firefox

2020-01-15 Thread Peter Köhler
Dear Lea, maybe https://stackoverflow.com/questions/48248832/stylesheet-not-loaded-because-of-mime-type helps. Regards Peter

Tomcat9.0.16 on RHEL 7: ssl and javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

2020-01-15 Thread Peter Köhler
" I have thought that clientAuth="want" andsslProtocol="TLS" allow X509 authentification over tomcat-users.xml . What can i do to solve that problem? Thanks Peter

Re: TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Kreuser
Peter, > Am 13.01.2020 um 16:49 schrieb Peter Rader : > >  >> Peter, >> Can you find what you are looking for here? >> >> > >> ? > > No! There is no such node or any similar content. And there simply can not be > such a node because all th

Re: Aw: Re: TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Rader
> Peter, > > Can you find what you are looking for here? > > > > > ? No! There is no such node or any similar content. And there simply can not be such a node because all the connector-xml-nodes are self-closing as you might have already noticed. AFAIK I should not c

Aw: Re: TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Rader
m  > >   org.apache.coyote.http11.Http11Protocol > > to  > >   org.apache.coyote.http11.Http11NioProtocol > > Full Connector configurations (with sensitive data masked)? TC8= TC9= Masks: - XXX keystore CA - keystore or truststore

TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Rader
I recently moved from T8 to T9 to use PKI.   My keystore contains multiple CAs.   I had to modify the ssl-connector from    org.apache.coyote.http11.Http11Protocol to    org.apache.coyote.http11.Http11NioProtocol   Unfortunately the attribute "keyAlias" seems to not be supported in the NIO

Re: [OT] Re: Maven Warning. Ubuntu Users

2020-01-08 Thread Peter Kreuser
Zahid, you‘re talking to one of the most respected members of the community like this? STFU or leave. This calls for an ban! Peter > Am 08.01.2020 um 06:06 schrieb Zahid Rahman : > >  >> >> A version of what? > MAVEN > MAVEN > MAVEN > > In light of thi

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

2020-01-07 Thread Peter Kreuser
lement and is that complexity justified by the benefit it brings? > Just thinking how to handle “n” Host headers at various locations in the request... 8-0 > At this point, I'm not sure. > > So far we are looking at a feature required b

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

2020-01-07 Thread Peter Kreuser
header field and to any > request message that contains more than one Host header field [[WITH A > CONFLICTING VALUE]]] or a Host header field with an invalid field-value. > " That would be a good idea - maybe only in conjunction with setting rejectIllegalHeaderName=false If

Re: Curl problem with reloadSslHostConfigs, Re: Let's Encrypt with Tomcat?

2020-01-06 Thread Peter Kreuser
ration of concerns, add a separate user with a longer one and shell friendly password only with the role below... > Or do I need to give the manager user an additional role? Currently, I have: > manager-jmx (and maybe for other script-actions manager-script) Peter > -- > JHHL &

Re: Breakthrough, Re: Let's Encrypt with Tomcat?

2020-01-06 Thread Peter Kreuser
# Completed on Mon Jan 6 21:17:22 2020 > > Other than the one obvious line near the bottom, >> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443 > I'm not entirely sure what all of this means, nor do I remember what I did to > set it up. Heureka! So you may

Re: Let's Encrypt with Tomcat?

2019-12-30 Thread Peter Kreuser
same that you did for 443 forwarding to redirect 80 to tomcat port 8080. IIKS, hope I was not too confusing??? Peter Peter Kreuser > Am 30.12.2019 um 20:01 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > > On 12/2

Re: Let's Encrypt with Tomcat?

2019-12-30 Thread Peter Kreuser
James, > Am 28.12.2019 um 00:33 schrieb James H. H. Lampert : > >  >>> >>> Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt" and >>> ".key" files directly, instead of the Java Keystore file? Correct! > If so, then that could potentially simplify things: if I have HTTPD

Re: Let's Encrypt with Tomcat?

2019-12-28 Thread Peter Kreuser
Chris, Peter Kreuser > Am 27.12.2019 um 21:14 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > >> > but the idea is that certbot has "plug-ins" and we'd need to > supply a "tomcat" plug-in that d

Re: UPDATED: JMX reloadSslHostConfigs fails with javax.management.RuntimeOperationsException

2019-12-16 Thread Peter Kreuser
Mark, Peter Kreuser >> Am 16.12.2019 um 16:05 schrieb Mark Thomas : >> >> On 16/12/2019 12:55, Mark Thomas wrote: >>> On 15/12/2019 09:33, logo wrote: >> >>> Mark can you confirm that this is a bug? >> Confirmed. >> I'm looking

Re: remote jmx monitoring through ssh tunnel

2019-12-10 Thread Peter Kreuser
t;> >>> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" >>>> rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" >>>> useLocalPorts="true" /> >>>> >>>> >>>> Upon startup I see in logs : INFO [ma

Re: Global Error Handling

2019-12-03 Thread Peter Kreuser
 Mark, Peter Kreuser >>> Am 03.12.2019 um 14:31 schrieb Mark Thomas : >> On 03/12/2019 12:50, logo wrote: >> Sumit, >> Am 2019-12-03 13:11, schrieb Sumit Bhardwaj: >>> Hi Experts, >>> We have a requirement from a customer, where in case of 404, wh

Re: Using CsrfPreventionFilter with GET-based submissions

2019-11-12 Thread Peter Kreuser
Chris, > Am 13.11.2019 um 02:35 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 11/10/19 19:05, Peter Kreuser wrote: >> Chris, >> >>> >>> Am 09.11.2019 um 03:58 schri

Re: Using CsrfPreventionFilter with GET-based submissions

2019-11-10 Thread Peter Kreuser
isn't > request-specific). > > Would it be inappropriate to add the CSRF_NONCE to the request > attributes so that application code could use it directly if > necessary? Something like this: > > > ... > value="<%= request.getAttribute("CSRF_NONCE") %&g

Re: Security issue involving HTTP response headers

2019-10-02 Thread Peter Kreuser
Hi James, Peter Kreuser > Am 02.10.2019 um 08:05 schrieb > : > > Tomcat 7.0.63 and above. > > Navigate to the tomcat conf directory and open the web.xml with a text editor. > > In the filter section of the web.xml add the following filter >

Re: Secure Communication Between Tomcat Servers

2019-09-09 Thread Peter Kreuser
Isn‘t that what client certs are for? Https to identify Server A, Client cert to authenticate Server B? Message integrity should then be unnecessary?! Or am I missing a piece? Peter > Am 09.09.2019 um 21:10 schrieb M. Manna : > > Why not use JWT cookies/tokens? You sign your claims

Re: Problem with OpenSSL cipher suites -what's wrong with this configuration?

2019-08-07 Thread Peter Kreuser
Jessica, Peter Kreuser > Am 07.08.2019 um 14:33 schrieb Alten, Jessica-Aileen > : > > Dear all, > > I have a problem with the Tomcat 9.0.22 configuration for TLSv1.3 using > jdk8u222-b10_openj9-0.15.1 on Windows Server 2016. In principle TLSv1.3 > works, but I wan

Re: Support Request for problem with problem running SSL certificate on tomcat 8

2019-08-07 Thread Peter Kreuser
, but as your keystore is causing troubles, I‘m not really able to troubleshoot that. After all, you may have to reread on cert handling with keytool vs. openssl. I prefer the openssl way ;-). Peter Peter Kreuser > Am 06.08.2019 um 19:50 schrieb Munzer Khatib : > > Hi Peter > I dont have

Re: Support Request for problem with problem running SSL certificate on tomcat 8

2019-08-06 Thread Peter Kreuser
t the PEM to pkcs12/keystore format Care to try the following command? openssl pkcs12 -export -in cert.pem -inkey privkey.pem -name tomcat -certfile fullchain.pem -passout pass:changeit -out jssekeystore Peter > I am not sure why but it seems the new one is not linking all cert

[slighly OT] Re: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Peter Kreuser
; let it completely freak out. Just for the test of it: great idea! But one of the first hardening actions on Tomcat is to disable standard error pages and version info. Server header removed (set to IIS if you like!) You

Re: AW: Outbound SSL?

2019-06-01 Thread Peter Kreuser
H_AES_256_GCM_SHA384 > > ... calling the others "weak". I think that's because they consider > anytning that isn't using ECDHE+GCM to be "weak". Well, it's the best > we can do right now without going up to TLSv1.3. > > Anyhow, if the client

Re: Outbound SSL?

2019-05-29 Thread Peter Kreuser
Java. Unless you set specific values on the connection. Or on the commandline. Could you please let us know the Java version and maybe the Connection settings? JAVA_OPTS? > -- > James H. H. Lampert > > --

Re: Minor version upgrades

2019-05-10 Thread Peter Kreuser
Just my 2ct Peter

Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

2019-04-16 Thread Peter@Kreuser-Online
atalina.realm.RealmBase.hasResourcePermission No role found: > TOPS_INTL_FIELD_USER_MIA > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] > org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed > accessControl() test > > > > The error mess

connectionInitSqls

2019-04-12 Thread Peter Tom
alter session set NLS_NUMERIC_CHARACTERS = '.,'") into the context.xml file in the app. META-INF directory: But still not working. Has somebody idea how to solve it? thank you Peter

RE: Access to server denied

2019-03-25 Thread Peter Henriques
Hi Luis, It's alright. I have uninstalled tomcat on zos USS and will attempt to run an install using the tomcat JCL instead. Thanks anyway. Peter -Original Message- From: Luis Rodríguez Fernández [mailto:uo67...@gmail.com] Sent: 25 March 2019 12:55 To: Tomcat Users List Subject: Re

Access to server denied

2019-03-25 Thread Peter Henriques
or is there an error with my config with permissible usernames. Regards Peter M Henriques Support Engineer - Mainframe Support Group D: +44-1293-872072 | T: +44-1293-872000 | www.macro4.com<http://www.macro4.com/>

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

2019-03-19 Thread Peter@Kreuser-Online
Hi James, > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM JSSE cipher lists for Java 8. > Most certainly only

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

2019-03-19 Thread Peter@Kreuser-Online
Oh, and yes I’ve heard about them and used the RSA version! Peter > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either

RE: Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
Hi Mark, I have resolved this issue. I apparently chose the wrong java location and config. There is a pre installed IBM JDK pack. I used this one rather than the one I installed(OpenJDK) and can start up Tomcat now. Thanks Peter -Original Message- From: Mark Thomas [mailto:ma

RE: Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
HI, I also saw this issue that could be related: https://serverfault.com/questions/824107/authorization-required-to-install-jzos-batch-launcher/824367 Regards Peter -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 12 March 2019 11:41 To: users@tomcat.apache.org

RE: Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
Hi, Apologies...8.5.38 -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 12 March 2019 11:41 To: users@tomcat.apache.org Subject: Re: Issue with TomCat 8.5 under z/OS2.3 and USS On 12/03/2019 11:32, Peter Henriques wrote: > Hello, > >   > > My Envi

Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
s reasons for this error. The closest or more relevant issue I have seen is : http://www-01.ibm.com/support/docview.wss?uid=swg1PM54627 I have even attempted to use su under USS shell but it just ignores this authority. Is there a way I can modify the supplied JCL(TCJOB, TCENV) to add superuser privi

Re: Http insecure headers

2019-03-05 Thread Peter@Kreuser-Online
body else? You may need help from the developer. Best regards Peter >> On Wed, Feb 27, 2019 at 9:20 PM logo wrote: >> >> >> Hello Nitin, >> >> Am 27.02.2019 16:34, schrieb Nitin Kadam: >> >> > Hello Team, >> > >> > I

Re: Http insecure headers

2019-02-19 Thread Peter@Kreuser-Online
, the right settings for your needs and intensive testing. You may really break inline Javascript in your pages (css too). Please check out the great websites of Scott Helme on the Headers https://Securityheaders.io or https://scotthelme.co.uk/csp-cheat-sheet/ Peter > Am 19.02.2019 um 19:13 schr

Re: Question regarding mitigating the CVE-2017-12617 vulnerability

2019-02-13 Thread Peter@Kreuser-Online
d examples webcontext. There are a couple more hardening suggestions. But keep the updates coming. 8.5.13 is a bit aged and the next scan will come. Just the 2cts of an application security guy. Peter > Tripwire isn't trying to see if HTTP PUT is enabled. He is opening a false > positi

Re: [EXTERNAL] Re: tomcat Finding!

2018-12-19 Thread Peter@Kreuser-Online
Tomcat 8.5.32 >> 12085 >> Apache Tomcat Default Files >> The following default files were found >> :/nessus-check/default-404-error-page.html >> Delete the default index page and remove the example JSP and servlets. did you also remove the default files under we

unsuscribe

2018-07-05 Thread Peter
unsubscribe

Re: Connection closed error and certificateVerification="required"

2018-04-19 Thread Peter@Kreuser-Online
>> Again, many thanks. > > No problem. Happy to help. Thanks for your assistance with this issue. > Your test case and debug logs were invaluable. I couldn't have fixed > this without them. > > Mark > Do you mind to share more about the root cause? I’ve followed this mail communication from the start and am curious. Let me tell you that your endurance on all the tricky issues here is admirable! Thank you for that! Peter

Re: Running as user tomcat

2018-02-23 Thread Peter@Kreuser-Online
hank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 Best regards Peter

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Peter Kreuser
the once used session with stored values alive. That is essentially not a requirement to tomcat but to the developer who implements the webapp. If that would always be the case (and of course for tomcat to keep track of active ids) would make session id reuse not a big deal. My 2cts. Peter PS

Re: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-23 Thread Peter Kreuser
BTW: > Am 23.01.2018 um 13:56 schrieb Peter Kreuser <l...@kreuser.name>: > > Algirdas, > > > >> Am 23.01.2018 um 13:27 schrieb Algirdas Veitas <apvei...@gmail.com>: >> >> Andre, my apologies for bringing up a topic that has been repeated ad

Re: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-23 Thread Peter Kreuser
ave access to all the information anyhow. But any other users around will not be able to read the conf, even the java opts of the process will be invisible. Just my 2cts. Peter > Don't want to restart an old thread, so if preferred, we can stop the > discussion. Thank you for your time. >

Re: Activating Tomcat 8.5 APR on RHEL7

2018-01-15 Thread Peter Kreuser
)478 838336 > jean-pierre.urk...@devoteam.com > > > > > > Maatschappelijke zetel Devoteam NV/SA > Belgicastraat 17 - 1930 Zaventem > VAT: BE 0466.475.275 / RPM Bruxelles - RPR Brussel > > Best regards Peter

Re: Apache Tomcat 8.5.24 SSL Configuration

2017-12-22 Thread Peter Kreuser
y try https://testssl.sh and download the script from there. That works in internal networks. It even simulates connects with different clients (eg Chrome) Peter > On Fri, Dec 22, 2017 at 9:37 AM, Thomas Delaney <tdelaney@gmail.com> > wrote: > >> The site is interna
