RE: RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize

2023-06-22 Thread S Abirami
7:35 PM To: users@tomcat.apache.org Subject: Re: RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize Hello, On 6/22/23 07:47, S Abirami wrote: > Hi All, > > Our application using embedded tomcat 9.0.62 on RHEL linux environment. > Tomcat native version

RHEL 8.6 ==> Tomcat Native 1.2.32 ==> OpenSSLEngine could not initialize

2023-06-22 Thread S Abirami
Hi All, Our application using embedded tomcat 9.0.62 on RHEL linux environment. Tomcat native version :1.2.32 openssl version OpenSSL 1.1.1k After upgrading from RHEL 7.9 to RHEL 8.6 version, embedded tomcat throws an exception when starting the application for https. org.apache.catalina.uti

RE: CVE-2023-24998 : Apache Denial of Service

2023-03-16 Thread S Abirami
Thanks Mark -Original Message- From: Mark Thomas Sent: Thursday, March 16, 2023 2:34 PM To: users@tomcat.apache.org Subject: Re: CVE-2023-24998 : Apache Denial of Service On 16/03/2023 05:33, S Abirami wrote: > Hi All, > > Currently, In our product we are using 9.0.65 v

CVE-2023-24998 : Apache Denial of Service

2023-03-15 Thread S Abirami
Hi All, Currently, In our product we are using 9.0.65 version of Tomcat. We are not using FileUpload option in any of our application and in Servlet. We don't have any config to limit the file uploads also. Whether our attacker still able to perform a malicious upload to our server via url. Plea

CVE-2023-24998 : Apache Denial of Service

2023-03-15 Thread S Abirami
Hi All, Currently, In our product we are using 9.0.65 version of Tomcat. We are not using FileUpload option in any of our application and in Servlet. We don't have any config to limit the file uploads also. Whether our attacker still able to perform a malicious upload to our server via url. Plea

RE: xsd version used for web.xml etc

2021-10-21 Thread S Abirami
Thanks a lot Mark. -Original Message- From: Mark Thomas Sent: Thursday, October 21, 2021 4:23 PM To: users@tomcat.apache.org Subject: Re: xsd version used for web.xml etc On 21/10/2021 10:37, S Abirami wrote: > Hi Thomas, > > How I can identify whether the schema validation e

RE: xsd version used for web.xml etc

2021-10-21 Thread S Abirami
: xsd version used for web.xml etc On 21/10/2021 09:45, S Abirami wrote: > Hi All, > > In web.xml, if we didn't define any xsd schema or dtd schema which version of > xsd will be loaded for Tomcat 9.0.45. By default none - whether a schema is defined or not. Schemas ar

RE: xsd version used for web.xml etc

2021-10-21 Thread S Abirami
Thanks Thomas. -Original Message- From: Mark Thomas Sent: Thursday, October 21, 2021 2:40 PM To: users@tomcat.apache.org Subject: Re: xsd version used for web.xml etc On 21/10/2021 09:45, S Abirami wrote: > Hi All, > > In web.xml, if we didn't define any xsd schema or dt

RE: xsd version used for web.xml etc

2021-10-21 Thread S Abirami
used for web.xml etc My guess, the one that is specified in TOMCAT_BASE/conf/web.xml -Original Message- From: S Abirami Sent: donderdag 21 oktober 2021 10:46 To: Tomcat Users List Subject: xsd version used for web.xml etc Hi All, In web.xml, if we didn't define any xsd schema o

xsd version used for web.xml etc

2021-10-21 Thread S Abirami
Hi All, In web.xml, if we didn't define any xsd schema or dtd schema which version of xsd will be loaded for Tomcat 9.0.45. Regards, Abirami.S

RE: TLSv1.3 Support in Tomcat

2021-06-29 Thread S Abirami
https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites TLSv1.3 supports 5 cipher suites and none is in your list. - Daniel Savard Le mar. 29 juin 2021 à 01:44, S Abirami a écrit : > Hi Christopher, > > Below is my Connector element, sslEnabledProtocols =TLSv1.2

RE: TLSv1.3 Support in Tomcat

2021-06-29 Thread S Abirami
juin 2021 à 01:44, S Abirami a écrit : > Hi Christopher, > > Below is my Connector element, sslEnabledProtocols =TLSv1.2 ,TLS 1.3 > it is working fine with TLSv1.2. When sslEnabledProtocols=TLSv1.3, > Tomcat is started but, the browser unable to perform handshake with weba

RE: TLSv1.3 Support in Tomcat

2021-06-28 Thread S Abirami
, Abirami.S -Original Message- From: Christopher Schultz Sent: Monday, June 28, 2021 7:27 PM To: users@tomcat.apache.org Subject: Re: TLSv1.3 Support in Tomcat Abirami, On 6/28/21 07:16, S Abirami wrote: > TLSv1.3 support is available in Tomcat. > > I tried just updating s

RE: TLSv1.3 Support in Tomcat

2021-06-28 Thread S Abirami
Hi All, We are using Tomcat 9.0.46 and JDK 8u291 Regards, Abirami.S -Original Message- From: S Abirami Sent: Monday, June 28, 2021 4:47 PM To: Tomcat Users List Subject: TLSv1.3 Support in Tomcat Hi All, TLSv1.3 support is available in Tomcat. I tried just updating server.xml

TLSv1.3 Support in Tomcat

2021-06-28 Thread S Abirami
Hi All, TLSv1.3 support is available in Tomcat. I tried just updating server.xml[sslEnabledProtocols=TLSv1.3] and restarted tomcat. It doesn't work. Please let me know any other configuration also needs to be changed. Regards, Abirami.S

Tomcat JreMemoryLeakPreventionListener Testing scenario

2021-06-02 Thread S Abirami
Hi Team, As part of CISCAT Tomcat 9 benchmark, we have added JreMemoryLeakPreventionListener in server.xml. We understood that it prevents memory leak. Do you any tool (or) testcase to test this functionality is working fine in our product? Please let us know, if any input available. Regards,

RE: Embedded Tomcat 9.0.33

2021-03-21 Thread S Abirami
Thanks Christopher for detailed explanation with testing tools. -Original Message- From: Christopher Schultz Sent: Sunday, March 21, 2021 9:02 AM To: users@tomcat.apache.org Subject: Re: Embedded Tomcat 9.0.33 Abirami, On 3/20/21 11:36, S Abirami wrote: > We have deployed embed

Embedded Tomcat 9.0.33

2021-03-20 Thread S Abirami
Hi ALL, We have deployed embedded tomcat in RHEL 7 with jdk 1.8. For sweet32 vulnerability, we have configured jdk.tls.disabled.algorithm to remove the encryption cipher have 64bit block size. I need a clarification whether JDK configuration is enough for embedded tomcat to avoid sweet32 atta

RE: Embedded and Standalone Tomcat

2020-08-21 Thread S Abirami
Thanks Mark Thomas. -Original Message- From: Mark Thomas Sent: Friday, August 21, 2020 4:03 PM To: users@tomcat.apache.org Subject: Re: Embedded and Standalone Tomcat On 21/08/2020 11:27, S Abirami wrote: > Hi All, > > In our application, we used to create embedded tomcat in

Embedded and Standalone Tomcat

2020-08-21 Thread S Abirami
Hi All, In our application, we used to create embedded tomcat instance by taking a copy of lib jars from the Deployable Tomcat. It's working properly. I have noticed that there is some jars in Embed package https://mirrors.estointernet.in/apache/tomcat/tomcat-9/v9.0.37/bin/embed/apache-tomcat-9.

RE: SameSite attribute handling

2020-07-06 Thread S Abirami
11:07 PM To: Tomcat Users List Subject: Re: SameSite attribute handling -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Abirami, On 7/1/20 03:06, S Abirami wrote: > We can add the samesite attribute in set-cookie header through > context.xml entry in tomcat. Is there any other way, can

SameSite attribute handling

2020-07-01 Thread S Abirami
Hi All, We can add the samesite attribute in set-cookie header through context.xml entry in tomcat. Is there any other way, can we add samesite attribute in response of set-cookie header. Context changes reflecting issue in tenable vulnerable. Hence looking for any other way. I tried with

RE: context.xml under META-INF was not working

2020-06-11 Thread S Abirami
x27;t have SameSite attribute. Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Thursday, June 11, 2020 8:19 PM To: Tomcat Users List Subject: RE: context.xml under META-INF was not working On June 11, 2020 2:32:51 PM UTC, S Abirami wrote: >Hi Mark, > >We are using A

RE: context.xml under META-INF was not working

2020-06-11 Thread S Abirami
. Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Thursday, June 11, 2020 7:27 PM To: users@tomcat.apache.org Subject: Re: context.xml under META-INF was not working On 11/06/2020 12:46, S Abirami wrote: > Hi Mark, > > The below is the content of the co

RE: context.xml under META-INF was not working

2020-06-11 Thread S Abirami
Hi Mark, The below is the content of the context.xml Regards, Abirami.S -Original Message- From: Mark Thomas Sent: Thursday, June 11, 2020 5:12 PM To: users@tomcat.apache.org Subject: Re: context.xml under META-INF was not working On 11/06/2020 11:42, S Abirami wrote: > Hi

RE: context.xml under META-INF was not working

2020-06-11 Thread S Abirami
Hi All, I want to configure SameSite attribute to the specific web-application. For that, I have updated the context.xml of specific web application located in /META-INF/context.xml It is not working. Only the changes in global context.xml is working. Please guide to solve the issue. Regard

RE: Regarding context.xml changes impact other web service not deployed

2020-06-09 Thread S Abirami
: Mark Thomas Sent: Tuesday, June 9, 2020 1:50 PM To: users@tomcat.apache.org Subject: Re: Regarding context.xml changes impact other web service not deployed On 09/06/2020 06:59, S Abirami wrote: > Hi Team, > > In our product to address security vulnerability in context.xml,

RE: Regarding context.xml changes impact other web service not deployed

2020-06-09 Thread S Abirami
pache%2Ftomcat%2Futil%2Fhttp%2FLegacyCookieProcessor.java El mar., 9 jun. 2020 a las 7:59, S Abirami () escribió: > Hi Team, > > In our product to address security vulnerability in context.xml, > we have introduced following entry > > > > > After introducing the above line, I noticed f

Regarding context.xml changes impact other web service not deployed

2020-06-08 Thread S Abirami
Hi Team, In our product to address security vulnerability in context.xml, we have introduced following entry After introducing the above line, I noticed few rest service which is not deployed in that Tomcat also getting impact. Deployment Details Deployed :RHEL Tomcat Installatio

RE: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11

2018-10-29 Thread S Abirami
On 29/10/2018 12:36, S Abirami wrote: > Hi Mark, > > Thanks for response . > > Please confirm whether > > Windows_Update has Window Size Increment (31) is configurable in Tomcat. > SETTINGS_MAX_FRAME_SIZE : Whether this param is configurable in Tomcat and &g

RE: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11

2018-10-29 Thread S Abirami
Thomas [mailto:ma...@apache.org] Sent: Monday, October 29, 2018 5:53 PM To: users@tomcat.apache.org Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11 On 29/10/18 06:21, S Abirami wrote: > Hi Mark Thomas, > > Thanks for response. > > Need input on

RE: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11

2018-10-28 Thread S Abirami
7, 2018 11:24 PM To: users@tomcat.apache.org Subject: Re: HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11 On 27/10/18 17:27, S Abirami wrote: > Hi All, > > I want your guidance how to set the below Setting Parameters and > Wndows_Update using Tomcat. > S

HTTP/2 SETTINGS Parameters and WINDOW_UPDATE : Tomcat:9.0.11

2018-10-27 Thread S Abirami
Hi All, I want your guidance how to set the below Setting Parameters and Wndows_Update using Tomcat. SETTINGS_HEADER_TABLE_SIZE, SETTINGS_ENABLE_PUSH, SETTINGS_INITIAL_WINDOW_SIZE etc which is mentioned 6.5.2 section in RFC 7540 Similarly How to set the Windows_Update using Tomcat whic

Embedded Tomcat 9.0.11 : Already port in use

2018-10-11 Thread S Abirami
Hi All, I have checked the port is not in use before allocating to the connector and started the tomcat. During start , it's mentioning that Port already in use. It is going and binding to the Application Server where this app is deployed. SERVER -- > Ran Embedded tomcat server in that

RE: Encrypt Keystore password in server.xml 8.0.45

2017-09-11 Thread S Abirami
ssword= Please share your input. Regards, Abirami.S -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, September 11, 2017 4:03 PM To: Tomcat Users List Subject: Re: Encrypt Keystore password in server.xml 8.0.45 On 11/09/17 10:11, S Abirami wrote: > > Hi A

RE: Encrypt Keystore password in server.xml 8.0.45

2017-09-11 Thread S Abirami
Subject: Re: Encrypt Keystore password in server.xml 8.0.45 On 11/09/17 10:11, S Abirami wrote: > > Hi All, > > I have to encrypt keystore password in server.xml. https://wiki.apache.org/tomcat/FAQ/Password Mark

RE: Encrypt Keystore password in server.xml 8.0.45

2017-09-11 Thread S Abirami
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeyS

Encrypt Keystore password in server.xml 8.0.45

2017-09-11 Thread S Abirami
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeySt

Encrypt Keystore password in server.xml 8.0.45

2017-09-11 Thread S Abirami
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeyS

Encrypt Keystore password in server.xml

2017-09-11 Thread S Abirami
Hi All, I have to encrypt keystore password in server.xml. For decrypting ,I have inherited the class Http11Nio2Protocol[Http11Nio2ProtocolDecryptProp extends Http11Nio2Protocol] and decrypted in setKeyStorePass overridden method then set that to endpoint keystorePass and super class setKeySt

RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x

2017-08-04 Thread S Abirami
pgrade from 8.0.x to 8.0.x On 04/08/17 10:49, S Abirami wrote: > but the method call of = Tomcat.addwebapp(contextpath,docpath); itself > triggering this exception. > So whatever I need to do before addwebapp. From the Javadoc: This is equivalent to adding a web application to T

RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x

2017-08-04 Thread S Abirami
pgrade from 8.0.x to 8.0.x On 04/08/17 10:49, S Abirami wrote: > but the method call of = Tomcat.addwebapp(contextpath,docpath); itself > triggering this exception. > So whatever I need to do before addwebapp. From the Javadoc: This is equivalent to adding a web application to T

RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x

2017-08-04 Thread S Abirami
method call of = Tomcat.addwebapp(contextpath,docpath); itself triggering this exception. So whatever I need to do before addwebapp. Regards, Abirami.S -Original Message- From: S Abirami Sent: Friday, August 04, 2017 3:08 PM To: Tomcat Users List Subject: RE: Embedded Tomcat throws

RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x

2017-08-04 Thread S Abirami
following: JarScanner jsc = new JarScanner() { public void scan(ServletContext arg0, ClassLoader arg1, JarScannerCallback arg2, Set arg3) { // DUMMY NOTHING } }; context.setJarScanner(jsc); On 4 August 2017 at 09:35, S Abirami wrote: > Hi , > > It is contextPath is

RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x

2017-08-04 Thread S Abirami
https://tomcat.apache.org/tomcat-8.0-doc/config/jar-scanner.html Please update. Regards, On 4 August 2017 at 08:50, S Abirami wrote: > Hi, > > I am trying to create EmbeddedTomcat so no context.xml created. > Tomcat t=new Tomcat(); > Everything through object creation. &g

RE: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x

2017-08-04 Thread S Abirami
: Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x Hi, What is in your context.xml file? You can find it in conf directory. Regards, On 4 August 2017 at 08:43, S Abirami wrote: > Hi , > > I am using Embedded tomcat to create webapp. when I am

Embedded Tomcat throws FileNotFoundException for TldScanner upgrade from 8.0.x to 8.0.x

2017-08-04 Thread S Abirami
Hi , I am using Embedded tomcat to create webapp. when I am trying to add web app it is throwing the following exception but Server started successfully. However,I need to eradicate this exception from the log. java.io.FileNotFoundException: /var/lib/jide-grids.jar (No such file or direct