Re: Understanding issues with connection refused when redirecting internally

2021-04-12 Thread Peter Chamberlain
On Mon, 12 Apr 2021, 09:07 Mark Thomas, wrote: > On 11/04/2021 11:03, Peter Chamberlain wrote: > > > > > I've been investigating this some more, as I'm not convinced nio2 isn't > > behaving strangely in this case. I think there may of been some sort of > > rever

Re: Understanding issues with connection refused when redirecting internally

2021-04-11 Thread Peter Chamberlain
On Fri, 9 Apr 2021 at 18:12, Peter Chamberlain wrote: > > > On Fri, 9 Apr 2021, 14:10 Christopher Schultz, < > ch...@christopherschultz.net> wrote: > >> Peter, >> >> On 4/9/21 06:53, Peter Chamberlain wrote: >> > Hello, >> > I've been t

Re: Understanding issues with connection refused when redirecting internally

2021-04-09 Thread Peter Chamberlain
On Fri, 9 Apr 2021, 14:10 Christopher Schultz, wrote: > Peter, > > On 4/9/21 06:53, Peter Chamberlain wrote: > > Hello, > > I've been trying to understand the behaviour of tomcat when handling > > internal redirects. I'm testing using tomcat 9.0.38. I'm testing using

Re: Understanding issues with connection refused when redirecting internally

2021-04-09 Thread Peter Chamberlain
On Fri, 9 Apr 2021, 14:29 Mark Thomas, wrote: > On 09/04/2021 11:53, Peter Chamberlain wrote: > > Hello, > > I've been trying to understand the behaviour of tomcat when handling > > internal redirects. I'm testing using tomcat 9.0.38. I'm testing using > > jdk8 1.8.0_2

Understanding issues with connection refused when redirecting internally

2021-04-09 Thread Peter Chamberlain
Apologies if this has been covered elsewhere before, I have been searching but haven't found anything particularly clear covering this. Best regards, Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] programming style or mental process ?

2021-04-05 Thread Peter Kreuser
f" is always executed, and s is always null. > > If you switch the operands, the compiler will fail because you can't assign a > value to null: > > if(null = s ) { >// Compiler will refuse to compile > } > Isn‘t it true that only one bit difference would result

IDNs emoji replaced by punycode - how to remain with emoji?

2021-03-08 Thread Peter Rader
--x7h.example.com in Chrome, Edge and Firefox (did not test more).   How to remain with emoji IDN in the browser URL?   Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 6 29 33 29 6 Fax: 0049 (0)30 / 6 29 33 29 6

Re: Question about TLS/SSL setup and SSLHostConfig or not

2021-03-02 Thread Peter Kreuser
cat-9.0-doc/ssl-howto.html >>> http://tomcat.apache.org/tomcat-10.0-doc/ssl-howto.html >>> >>> ``` >>> >>> >> protocol="org.apache.coyote.http11.Http11NioProtocol" >>> port="8443" maxThrea

Re: Browser complains of "weak signature algorithm" in cert on a new Tomcat installation. Does anybody here know anything about that sort of thing

2021-01-06 Thread Peter Kreuser
ser, it complained, > something to the general effect of "weak signature algorithm." > I guess they never upgraded their CA and still sign the certs with SHA1 or even MD5. They should change that for sure! Peter > While it's not really my problem (and is only connected t

Re: Deploying war, Negative Date exception

2020-10-12 Thread Peter Henderson
On Mon, 12 Oct 2020 at 14:50, Mark Thomas wrote: > On 12/10/2020 13:53, Mark Thomas wrote: > > On 12/10/2020 12:49, Mark Thomas wrote: > >> On 12/10/2020 12:19, Peter Henderson wrote: > >>> Hello fellow tomcat users. > >>> > >>> My enviro

Deploying war, Negative Date exception

2020-10-12 Thread Peter Henderson
seeing this exception when I upgraded my projects build tool version from sbt.version=1.3.10 to sbt.version=1.4.0 Is this a tomcat bug, a build tool bug or most likely something I'm doing wrong? Thanks Peter. [0] https://github.com/bollinger/NegativeDate [1] https://github.com/bollinger

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-27 Thread Peter Kreuser
! To me a bug in the scanner plugin! My 2ct. Peter > Am 27.08.2020 um 09:47 schrieb Mark Thomas : > > On 27/08/2020 06:31, Terence M. Bandoian wrote: >> On 8/26/2020 11:27 PM, Pratik Shrestha wrote: > > > >>> For me, there are two options for the fix which I am no

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-25 Thread Peter Kreuser
Tomcat version 7 used to send the error 'ERR_EMPTY_RESP' which > should still be okay. > > We already tried to find the fix for this issue on the web but in vain. > > Kindly help if anyone has found a way to fix it. > > Regards, > Pratik Peter --

Re: Request for Help

2020-07-29 Thread Peter Rader
Hello Mohan,   please tell if you are using 1. the JSP technology inside the application 2. what JDK version on server-side   Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 6 29 33 29 6 Fax: 0049

Re: Error in stopping application tomcat !!

2020-07-25 Thread Peter Kreuser
her bugzilla or the release notes! > Please suggest the probable fix to make this smooth. > For now it maybe as simple as sending SIGKILL to the java process. Apparently some resources in your app don‘t want to terminate. My 2ct. Peter >> On Sat, Jul 25, 2020 at 11:03 AM Kushagra Bin

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

2020-04-09 Thread Peter Kreuser
g/docs/2.4/mod/mod_proxy.html#proxypass > > Apparently, the documentation would recommend something like the following: > > >ProxyPass "!" > > >ProxyPass "!" > > > I think that the above is probably easier to read and more spe

Aw: Re: Re: /META-INF/resources/ and Chrome's DevTools

2020-04-07 Thread Peter Rader
> Betreff: Re: Aw: Re: /META-INF/resources/ and Chrome's DevTools >  On 06/04/2020 09:16, Peter Rader wrote: > > Hello Konstantin Kolinko, >  > > > I tried to use the PreResource but it does not work. >  > > > 2020-04-06 10:13:05 WARNUNG org.apache.tomcat.util.

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

2020-04-06 Thread Peter Kreuser
ssary for your tomcat application need to be sent or maybe rewritten. You may need to set the correct attributes on your connector, so the URLs are correctly rewritten (port 8080/8443 in tomcat should be https 443 to the outside! Cookies may

Aw: Re: /META-INF/resources/ and Chrome's DevTools

2020-04-06 Thread Peter Rader
Any idea? > > Gesendet: Montag, 16. März 2020 um 01:01 Uhr > Von: "Konstantin Kolinko" > An: "Tomcat Users List" > Betreff: Re: /META-INF/resources/ and Chrome's DevTools > ??, 15 ???. 2020 ?. ? 13:47, Peter Rader : > > > > I have my def

Aw: Re: /META-INF/resources/ and Chrome's DevTools

2020-03-16 Thread Peter Rader
ntext] > Since beside the frontend.jar I have other jars who serve static resources. This means I must have multiple docBases what is not possible AFAIK. > > Best regards, > Konstantin Kolinko Kind regards Peter Rader - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Aw: /META-INF/resources/ and Chrome's DevTools

2020-03-15 Thread Peter Rader
I wrote a little WebFilter for this task. https://github.com/enexusde/devtools-tomcat-bypass Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter Rader Wilsnacker Strasse 17 10559 Berlin - GERMANY Tel: 0049 (0)30 / 20 9930560 Fax: 0049 (0)30 / 20 9930561 Handy: 0049 (0

/META-INF/resources/ and Chrome's DevTools

2020-03-15 Thread Peter Rader
. Pack the war 3. Redeploy the war. This process takes a length of about 5 minutes. It is reloading the application and package the jars/wars for the sake of 1 byte change. The Question: Can I map a single resource to a file dynamically without reloading the application. Kind regards Peter

Aw: Installing a program designed for Tomcat 5.5 on Tomcat 9

2020-02-08 Thread Peter Rader
I am pretty sure that you could use the JVM/JDK's endorsed folder. They usually have their place in \lib\endorsed . Kind regards Peter Rader - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional command

Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-03 Thread Peter Rader
if - a WAR is rejected because of its size, the Manager would never ever write "Hey dude, I am deploying your web application XXX!". Right? Anyway I found it by myself. > On 2/2/20 4:48 PM, Peter Rader wrote: > > The old version of the application had a daemon that hav

Aw: Re: SOLVED - Re: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
> Please post updates to the original thread. This is the original thread. > As suggested in the original thread, it was a permissions issue ... > permission denied because the port was already in use : ) Why do you think it is a permission issue? I already disproved that! How can you break it

SOLVED - Re: Aw: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
The old version of the application had a daemon that have not yet finished his execution. Unfortuantely there is no further logging why the old version not stoped yet. I expected to have the "mvn redeploy" waiting forever for this deamon-locked problem. What I can not do is write a bug report

Aw: Re: mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
Thank you for your reply. > Always look for the last "Caused by" in a stack trace for root cause. An > "IOException: Error writing to server" is indicative of a permissions > issue - I would start there, possibly the user account running the process. As pointed out in No. 3 the log said that the

mvn redeploy - double redeployment problem (within 0.2 seconds)

2020-02-02 Thread Peter Rader
0 FINE [http-nio-80-exec-6] org.apache.coyote.http11.Http11InputBuffer.parseRequestLine Received [PUT /manager/text/deploy?path=xxx==true HTTP/1.1 Please notice the two deployment threads: -6 and -5 Any ideas? Kind regards Peter Rader -- Fachinformatiker AE / IT Software Developer Peter

Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris, > Am 28.01.2020 um 18:02 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 1/28/20 11:30 AM, Peter Kreuser wrote: >> Peter Kreuser >>> Am 28.01.2020 um 16:34 schrieb Christopher

Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris, Peter Kreuser > Am 28.01.2020 um 16:34 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >>>>> On 1/27/20 3:35 PM, logo wrote: >> Could you try >> openssl pkcs12 -export -in my.crt -

Antwort: Tomcat 7: Access Valve pattern cipher, SSL Protocol

2020-01-16 Thread Peter Köhler
Hi Palod, i think you can do it with: JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake" Regards peter Von:"Palod, Manish" An: "users@tomcat.apache.org" Datum: 16.01.2020 15:58 Betreff:Tomcat 7: Access Valve pattern cipher, SSL P

Fw: Antwort: Tomcat9, JSP, CSS and JS not loading in Firefox

2020-01-15 Thread Peter Köhler
- Weitergeleitet von Peter Köhler/BN/DWD am 15.01.2020 15:50 - Von:Peter Köhler An: "Tomcat Users List" Datum: 15.01.2020 15:49 Betreff:Antwort: Tomcat9, JSP, CSS and JS not loading in Firefox Von:Léa Massiot An: users@tomcat.apache.org Datum: 15.

Antwort: Tomcat9, JSP, CSS and JS not loading in Firefox

2020-01-15 Thread Peter Köhler
- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Dear Lea, maybe https://stackoverflow.com/questions/48248832/stylesheet-not-loaded-because-of-mime-type helps. Regards Peter

Tomcat9.0.16 on RHEL 7: ssl and javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

2020-01-15 Thread Peter Köhler
" I have thought that clientAuth="want" andsslProtocol="TLS" allow X509 authentification over tomcat-users.xml . What can i do to solve that problem? Thanks Peter

Re: TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Kreuser
Peter, > Am 13.01.2020 um 16:49 schrieb Peter Rader : > >  >> Peter, >> Can you find what you are looking for here? >> >> > >> ? > > No! There is no such node or any similar content. And there simply can not be > such a node because all th

Re: Aw: Re: TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Rader
> Peter, > > Can you find what you are looking for here? > > > > > ? No! There is no such node or any similar content. And there simply can not be such a node because all the connector-xml-nodes are self-closing as you might have already noticed. AFAIK I should not c

Aw: Re: TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Rader
m  > >   org.apache.coyote.http11.Http11Protocol > > to  > >   org.apache.coyote.http11.Http11NioProtocol > > Full Connector configurations (with sensitive data masked)? TC8= TC9= Masks: - XXX keystore CA - keystore or truststore

TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Rader
I recently moved from T8 to T9 to use PKI.   My keystore contains multiple CAs.   I had to modify the ssl-connector from    org.apache.coyote.http11.Http11Protocol to    org.apache.coyote.http11.Http11NioProtocol   Unfortunately the attribute "keyAlias" seems to not be supported in the NIO

Re: [OT] Re: Maven Warning. Ubuntu Users

2020-01-08 Thread Peter Kreuser
Zahid, you‘re talking to one of the most respected members of the community like this? STFU or leave. This calls for an ban! Peter > Am 08.01.2020 um 06:06 schrieb Zahid Rahman : > >  >> >> A version of what? > MAVEN > MAVEN > MAVEN > > In light of thi

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

2020-01-07 Thread Peter Kreuser
lement and is that complexity justified by the benefit it brings? > Just thinking how to handle “n” Host headers at various locations in the request... 8-0 > At this point, I'm not sure. > > So far we are looking at a feature required b

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

2020-01-07 Thread Peter Kreuser
header field and to any > request message that contains more than one Host header field [[WITH A > CONFLICTING VALUE]]] or a Host header field with an invalid field-value. > " That would be a good idea - maybe only in conjunction with setting rejectIllegalHeaderName=false If

Re: Curl problem with reloadSslHostConfigs, Re: Let's Encrypt with Tomcat?

2020-01-06 Thread Peter Kreuser
ration of concerns, add a separate user with a longer one and shell friendly password only with the role below... > Or do I need to give the manager user an additional role? Currently, I have: > manager-jmx (and maybe for other script-actions manager-script) Peter > -- > JHHL &

Re: Breakthrough, Re: Let's Encrypt with Tomcat?

2020-01-06 Thread Peter Kreuser
# Completed on Mon Jan 6 21:17:22 2020 > > Other than the one obvious line near the bottom, >> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443 > I'm not entirely sure what all of this means, nor do I remember what I did to > set it up. Heureka! So you may

Re: Let's Encrypt with Tomcat?

2019-12-30 Thread Peter Kreuser
same that you did for 443 forwarding to redirect 80 to tomcat port 8080. IIKS, hope I was not too confusing??? Peter Peter Kreuser > Am 30.12.2019 um 20:01 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > > On 12/2

Re: Let's Encrypt with Tomcat?

2019-12-30 Thread Peter Kreuser
James, > Am 28.12.2019 um 00:33 schrieb James H. H. Lampert : > >  >>> >>> Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt" and >>> ".key" files directly, instead of the Java Keystore file? Correct! > If so, then that could potentially simplify things: if I have HTTPD

Re: Let's Encrypt with Tomcat?

2019-12-28 Thread Peter Kreuser
Chris, Peter Kreuser > Am 27.12.2019 um 21:14 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > >> > but the idea is that certbot has "plug-ins" and we'd need to > supply a "tomcat" plug-in that d

Re: UPDATED: JMX reloadSslHostConfigs fails with javax.management.RuntimeOperationsException

2019-12-16 Thread Peter Kreuser
Mark, Peter Kreuser >> Am 16.12.2019 um 16:05 schrieb Mark Thomas : >> >> On 16/12/2019 12:55, Mark Thomas wrote: >>> On 15/12/2019 09:33, logo wrote: >> >>> Mark can you confirm that this is a bug? >> Confirmed. >> I'm looking

Re: remote jmx monitoring through ssh tunnel

2019-12-10 Thread Peter Kreuser
t;> >>> className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener" >>>> rmiRegistryPortPlatform="10001" rmiServerPortPlatform="10002" >>>> useLocalPorts="true" /> >>>> >>>> >>>> Upon startup I see in logs : INFO [ma

Re: Global Error Handling

2019-12-03 Thread Peter Kreuser
 Mark, Peter Kreuser >>> Am 03.12.2019 um 14:31 schrieb Mark Thomas : >> On 03/12/2019 12:50, logo wrote: >> Sumit, >> Am 2019-12-03 13:11, schrieb Sumit Bhardwaj: >>> Hi Experts, >>> We have a requirement from a customer, where in case of 404, wh

Re: Using CsrfPreventionFilter with GET-based submissions

2019-11-12 Thread Peter Kreuser
Chris, > Am 13.11.2019 um 02:35 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 11/10/19 19:05, Peter Kreuser wrote: >> Chris, >> >>> >>> Am 09.11.2019 um 03:58 schri

Re: Using CsrfPreventionFilter with GET-based submissions

2019-11-10 Thread Peter Kreuser
isn't > request-specific). > > Would it be inappropriate to add the CSRF_NONCE to the request > attributes so that application code could use it directly if > necessary? Something like this: > > > ... > value="<%= request.getAttribute("CSRF_NONCE") %&g

Re: Security issue involving HTTP response headers

2019-10-02 Thread Peter Kreuser
Hi James, Peter Kreuser > Am 02.10.2019 um 08:05 schrieb > : > > Tomcat 7.0.63 and above. > > Navigate to the tomcat conf directory and open the web.xml with a text editor. > > In the filter section of the web.xml add the following filter >

Re: Secure Communication Between Tomcat Servers

2019-09-09 Thread Peter Kreuser
Isn‘t that what client certs are for? Https to identify Server A, Client cert to authenticate Server B? Message integrity should then be unnecessary?! Or am I missing a piece? Peter > Am 09.09.2019 um 21:10 schrieb M. Manna : > > Why not use JWT cookies/tokens? You sign your claims

Re: Problem with OpenSSL cipher suites -what's wrong with this configuration?

2019-08-07 Thread Peter Kreuser
Jessica, Peter Kreuser > Am 07.08.2019 um 14:33 schrieb Alten, Jessica-Aileen > : > > Dear all, > > I have a problem with the Tomcat 9.0.22 configuration for TLSv1.3 using > jdk8u222-b10_openj9-0.15.1 on Windows Server 2016. In principle TLSv1.3 > works, but I wan

Re: Support Request for problem with problem running SSL certificate on tomcat 8

2019-08-07 Thread Peter Kreuser
, but as your keystore is causing troubles, I‘m not really able to troubleshoot that. After all, you may have to reread on cert handling with keytool vs. openssl. I prefer the openssl way ;-). Peter Peter Kreuser > Am 06.08.2019 um 19:50 schrieb Munzer Khatib : > > Hi Peter > I dont have

Re: Support Request for problem with problem running SSL certificate on tomcat 8

2019-08-06 Thread Peter Kreuser
t the PEM to pkcs12/keystore format Care to try the following command? openssl pkcs12 -export -in cert.pem -inkey privkey.pem -name tomcat -certfile fullchain.pem -passout pass:changeit -out jssekeystore Peter > I am not sure why but it seems the new one is not linking all cert

[slighly OT] Re: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Peter Kreuser
; let it completely freak out. Just for the test of it: great idea! But one of the first hardening actions on Tomcat is to disable standard error pages and version info. Server header removed (set to IIS if you like!) You

Re: AW: Outbound SSL?

2019-06-01 Thread Peter Kreuser
H_AES_256_GCM_SHA384 > > ... calling the others "weak". I think that's because they consider > anytning that isn't using ECDHE+GCM to be "weak". Well, it's the best > we can do right now without going up to TLSv1.3. > > Anyhow, if the client

Re: Outbound SSL?

2019-05-29 Thread Peter Kreuser
Java. Unless you set specific values on the connection. Or on the commandline. Could you please let us know the Java version and maybe the Connection settings? JAVA_OPTS? > -- > James H. H. Lampert > > --

Re: Minor version upgrades

2019-05-10 Thread Peter Kreuser
--- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > Just my 2ct Peter - To unsubscribe,

Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

2019-04-16 Thread Peter@Kreuser-Online
atalina.realm.RealmBase.hasResourcePermission No role found: > TOPS_INTL_FIELD_USER_MIA > 15-Apr-2019 17:08:17.769 FINE [https-jsse-nio-9443-exec-8] > org.apache.catalina.authenticator.AuthenticatorBase.invoke Failed > accessControl() test > > > > The error mess

connectionInitSqls

2019-04-12 Thread Peter Tom
alter session set NLS_NUMERIC_CHARACTERS = '.,'") into the context.xml file in the app. META-INF directory: But still not working. Has somebody idea how to solve it? thank you Peter

RE: Access to server denied

2019-03-25 Thread Peter Henriques
Hi Luis, Its alright. I have uninstalled tomcat on zos USS and will attempt to run an install using the tomcat JCL instead. Thanks anyway. Peter -Original Message- From: Luis Rodríguez Fernández [mailto:uo67...@gmail.com] Sent: 25 March 2019 12:55 To: Tomcat Users List Subject: Re

Access to server denied

2019-03-25 Thread Peter Henriques
or is there an error with my config with permissible usernames. Regards Peter M Henriques Support Engineer - Mainframe Support Group D: +44-1293-872072 | T: +44-1293-872000 | www.macro4.com<http://www.macro4.com/> [cid:image001.png@01D4E2EB.B0AA26C0]<http://www.macro4.com/> [cid:

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

2019-03-19 Thread Peter@Kreuser-Online
Hi James, > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM JSSE cipher lists for Java 8. > Most certainly only

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

2019-03-19 Thread Peter@Kreuser-Online
Oh, and yes I’ve heard about them and used the RSA version! Peter > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either

RE: Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
Hi Mark, I have resolved this issue. I apparently chose the wrong java location and config. There is a pre installed IBM JDK pack. I used this one rather then the one I installed(OpenJDK) and can start up Tomcat now. Thanks Peter -Original Message- From: Mark Thomas [mailto:ma

RE: Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
HI, I also saw this issue that could be related: https://serverfault.com/questions/824107/authorization-required-to-install-jzos-batch-launcher/824367 Regards Peter -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 12 March 2019 11:41 To: users@tomcat.apache.org

RE: Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
Hi, Apologies...8.5.38 -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: 12 March 2019 11:41 To: users@tomcat.apache.org Subject: Re: Issue with TomCat 8.5 under z/OS2.3 and USS On 12/03/2019 11:32, Peter Henriques wrote: > Hello, > >   > > My Envi

Issue with TomCat 8.5 under z/OS2.3 and USS

2019-03-12 Thread Peter Henriques
s reasons for this error. The closest or more relevant issue I have seen is : http://www-01.ibm.com/support/docview.wss?uid=swg1PM54627 I have even attempted to use su under USS shell but it just ignores this authority. Is there a way I can modify the supplied JCL(TCJOB, TCENV) to add superuser privi

Re: Http insecure headers

2019-03-05 Thread Peter@Kreuser-Online
body else? You may need help from the developer. Best regards Peter >> On Wed, Feb 27, 2019 at 9:20 PM logo wrote: >> >> >> Hello Nitin, >> >> Am 27.02.2019 16:34, schrieb Nitin Kadam: >> >> > Hello Team, >> > >> > I

Re: Http insecure headers

2019-02-19 Thread Peter@Kreuser-Online
, the right settings for your needs and intensive testing. You may really break inline Javascript in your pages (css too). Please check out the great websites of Scott Helme on the Headers https://Securityheaders.io or https://scotthelme.co.uk/csp-cheat-sheet/ Peter > Am 19.02.2019 um 19:13 schr

Re: Question regarding mitigating the CVE-2017-12617 vulnerability

2019-02-13 Thread Peter@Kreuser-Online
d examples webcontext. The are a couple more hardening suggestions. But keep the updates coming. 8.5.13 is a bit aged and the next scan will come. Just the 2cts of an application security guy. Peter > Tripwire isn't trying to see if HTTP PUT is enabled. He is opening a false > positi

Re: [EXTERNAL] Re: tomcat Finding!

2018-12-19 Thread Peter@Kreuser-Online
Tomcat 8.5.32 >> 12085 >> Apache Tomcat Default Files >> The following default files were found >> :/nessus-check/default-404-error-page.html >> Delete the default index page and remove the example JSP and servlets. did you also remove the default files under we

unsuscribe

2018-07-05 Thread Peter
unsubscribe

Re: Connection closed error and certificateVerification="required"

2018-04-19 Thread Peter@Kreuser-Online
>> Again, many thanks. > > No problem. Happy to help. Thanks for your assistance with this issue. > Your test case and debug logs were invaluable. I couldn't have fixed > this without them. > > Mark > Do you mind to share more about the root cause? I’ve followed this mail communication from the start and am curious. Let me tell you that your endurance on all the tricky issues here is admirable! Thank you for that! Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Running as user tomcat

2018-02-23 Thread Peter@Kreuser-Online
hank You; > > Chris Cheltenham > Technology Services > The School District of Philadelphia > > Work # 215-400-5025 > Cell # 215-301-6571 Best regards Peter

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Peter Kreuser
the once used session with stored values alive. That is essentially not a requirement to tomcat but to the developer who implements the webapp. If that would always be the case (and of course for tomcat to keep track of active ids) would make session id reuse not a big deal. My 2cts. Peter PS

Re: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-23 Thread Peter Kreuser
BTW: > Am 23.01.2018 um 13:56 schrieb Peter Kreuser <l...@kreuser.name>: > > Algirdas, > > > >> Am 23.01.2018 um 13:27 schrieb Algirdas Veitas <apvei...@gmail.com>: >> >> Andre, my apologies for bringing up a topic that has been repeated ad

Re: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-23 Thread Peter Kreuser
ave access to all the information anyhow. But any other users around will not be able to read the conf, even the java opts of the process will be invisible. Just my 2cts. Peter > Don't want to restart an old thread, so if preferred, we can stop the > discussion. Thank you for your time. >

Re: Activating Tomcat 8.5 APR on RHEL7

2018-01-15 Thread Peter Kreuser
)478 838336 > jean-pierre.urk...@devoteam.com > > > > > > Maatschappelijke zetel Devoteam NV/SA > Belgicastraat 17 - 1930 Zaventem > VAT: BE 0466.475.275 / RPM Bruxelles - RPR Brussel > > Best regards Peter

Re: Apache Tomcat 8.5.24 SSL Configuration

2017-12-22 Thread Peter Kreuser
y try https://testssl.sh and download the script from there. That works in internal networks. It even simulates connects with different clients (eg Chrome) Peter > On Fri, Dec 22, 2017 at 9:37 AM, Thomas Delaney <tdelaney@gmail.com> > wrote: > >> The site is interna

Aw: Trouble with TLS/SSL and Tomcat 8.5.23

2017-11-22 Thread Peter Kreuser
configuration is: > > protocol="org.apache.coyote.http11.Http11Nio2Protocol" > maxThreads="150" SSLEnabled="true" scheme="https" > secure="true" server="Apache" maxPostSize="10"> > sslProto

Re: URL-encoding and "#"

2017-10-13 Thread Peter Kreuser
Chris, Peter Kreuser > Am 13.10.2017 um 04:29 schrieb Christopher Schultz > <w...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 10/12/17 8:44 PM, James H. H. Lampert wrote: >> Question: >>

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-10 Thread Peter Kreuser
Christopher, Peter Kreuser > Am 10.10.2017 um 00:14 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 10/9/17 5:19 PM, Christopher Schultz wrote: >>>

Re: Enforcing server preference for cipher suites

2017-10-10 Thread Peter Kreuser
site is available on the internet, you could try ssllabs.com. The settings seem to be OK, unless I do not see an incorrect formatting on my phone. HTH, Peter > Let me know if i am missing anything or is my understanding is incorrect. > > id="orion.server.htt

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-03 Thread Peter Kreuser
Peter Kreuser > Am 04.10.2017 um 02:44 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Laurant, > >> On 10/3/17 5:17 PM, Laurent Perez wrote: >> I'm using apache+mod_proxy+mod_re

Re: tomcat ssl setup

2017-09-27 Thread Peter Kreuser
penssl genrsa -aes256 -out server.key 4096 -subj > "/C=XX/ST=XX/L=XX/O=XX/CN=localhost" > openssl req -new -key server.key -out server.csr -sha512 -subj > "/C=XX/ST=XX/L=XX/O=XX/CN=localhost/emailAddress=x...@xx.com" > #there is more to it to get SAN extensio

Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux

2017-09-21 Thread Peter Kreuser
Peter Kreuser > Am 21.09.2017 um 18:19 schrieb Sean Dawson <sean.dawson2...@gmail.com>: > > Hello, > > We migrated our application that was running fine on 8.0.37 to 8.5.20 and > on startup we receive: > > java.lang.IllegalArgumentException: java.security.Key

[OT]Re: Tomcat server apparently bouncing up and down

2017-08-19 Thread Peter Kreuser
Talking nicely and understandingly to it won't help either, I guess... Have a nice weekend Peter > Am 19.08.2017 um 08:31 schrieb André Warnier (tomcat) <a...@ice-sa.com>: > > 3 kids raised, 30 years of programming

Re: Where Tomcat webapp contexts live on Debian (NOT off-topic; A LEGITIMATE TECHNICAL QUESTION)

2017-08-16 Thread Peter Kreuser
That's what I tried to say... sorry I was maybe not specific enough... Peter > Am 17.08.2017 um 02:29 schrieb James H. H. Lampert <jam...@touchtonecorp.com>: > >> On 8/16/17, 11:43 AM, André Warnier (tomcat) wrote: >> , , , >> So as a start, look at /etc/init.d/tom

Re: Where Tomcat webapp contexts live on Debian

2017-08-15 Thread Peter Kreuser
I'd assume the service that starts tomcat sets the bin-Dir, that contains a setenv.sh, that has the CATALINA_HOME and BASE env-Varaibles, where you find the context-Files that have a docbase. I'd like to repeat the question: who did this setup? Peter Kreuser > Am 15.08.2017 um 23:45 schr

[2xOT] Re: More (Solved!) Re: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

2017-08-11 Thread Kreuser, Peter
I'm glad that we get so well over serious problems. Made my day :-) ! PS: André: Sorry for the top post. PPS: James: I still can't get over it, that you run Tomcat on AS400, my first contact to production systems back in '90. -Ursprüngliche Nachricht- Von: André Warnier (tomcat)

AW: I've just installed Tomcat (7.0.67) on an old CentOS 5 box. It can't be reached from outside the box.

2017-08-10 Thread Kreuser, Peter
can't reach the repos anymore. Best regards Peter >On 10.08.2017 08:46, André Warnier (tomcat) wrote: > On 10.08.2017 02:32, James H. H. Lampert wrote: >> This is weird. I've never seen this before. >> >> Then again, I don't think I've installed Tomcat on Linux from

Re: No traffic after upgrade to Tomcat 8.5.16 (loadbalancing issue)

2017-08-01 Thread Peter Kreuser
Bernd, > Am 01.08.2017 um 11:01 schrieb Bernd Wahlen <abernd.wah...@k2interactive.de>: > > Hi M, Peter and Christoph, > > >Have you tried taking the affected server out completely from the >farm? In > >this way, you have 4 tomcats seen by the

Re: No traffic after upgrade to Tomcat 8.5.16 (loadbalancing issue)

2017-07-31 Thread Peter Kreuser
----- >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >> Do you see F5-healthcheck-requests in your accesslogs? If so, did you compare the old and new responses? If not, can the F5 reach your server, can you reach the HC-page? Is the F5-HC checking for specific values, headers, response codes? Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Server giving 404 since upgrade to Tomcat7

2017-07-27 Thread Flynn, Peter
Thanks very much. Apologies for top-posting but I'm using a phone mail client. I'm away at a conference until the 8th so I'll do this when I return. ///Peter On 25 July 2017 20:00:50 Christopher Schultz <ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- >

Re: Server giving 404 since upgrade to Tomcat7

2017-07-26 Thread Peter Kreuser
Hi all, > Am 25.07.2017 um 21:00 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >>> On 7/25/17 11:14 AM, Peter Flynn wrote: >>> On 24/07/17 11:57, Mark Thomas

Re: Server giving 404 since upgrade to Tomcat7

2017-07-25 Thread Peter Flynn
On 24/07/17 11:57, Mark Thomas wrote: > On 24/07/17 11:12, Flynn, Peter wrote: I must apologise first for unintentionally misleading you: the upgrade was from Tomcat 7.0.54-2 to 7.0.69-11, not from 6 to 7. I inherited this along with what was clearly bad information. > Running from a p

Server giving 404 since upgrade to Tomcat7

2017-07-24 Thread Flynn, Peter
ding or people to be able to hand-build everything.) ///Peter

  1   2   3   4   5   6   7   8   9   10   >