Tomcat SSL issue

2017-10-09 Thread John Ellis
I posted questions about this a couple of weeks ago I think it was. I have been trying to get Tomcat running on a secure port with a valid SSL certificate. We finally got version 9.0.0.M20 setup successfully on port 9443 and I can go to that IP:port and get a Tomcat webpage but when I go through

Tomcat APR / openssl

2017-10-09 Thread Wang, Jennifer
NONCONFIDENTIAL // EXTERNAL Hi I am looking openssl's SSL_CTX_set_psk_server_callback in APR & did not found it. Just wonder if there is way to set it. We need to use TLS-PSK. Thanks! Jennifer

Tomcat APR / openssl

2017-10-09 Thread Wang, Jennifer
NONCONFIDENTIAL // EXTERNAL Hi I am looking openssl's SSL_CTX_set_psk_server_callback in APR & did not found it. Just wonder if there is way to set it. We need to use TLS-PSK. Thanks! Jennifer

UpgradedServletInputStream.read EOF

2017-10-09 Thread Sergey Mashkov
Hi Could anybody explain me why UpgradedServletInputStream does fail with EOFException in non-blocking mode instead of returning -1 ? Where can I find exact Servlet API specification about this async API behaviour? java.io.EOFException at

Enforcing server preference for cipher suites

2017-10-09 Thread Harish Krishnan
Hi All, Need your expert input here. Not sure what I am doing wrong, but I cannot get this server preference cipher suites feature working. My setup: Latest tomcat 7.x build (which supports useServerCipherSuitesOrder attribute) Latest Java 1.8 build. No matter what value I set to this

Re: Tomcat SSL issue

2017-10-09 Thread Jose María Zaragoza
2017-10-09 17:01 GMT+02:00 John Ellis : > I posted questions about this a couple of weeks ago I think it was. I have > been trying to get Tomcat running on a secure port with a valid SSL > certificate. We finally got version 9.0.0.M20 setup successfully on port > 9443

Re: Tomcat SSL issue

2017-10-09 Thread Mark Thomas
On 09/10/17 16:01, John Ellis wrote: > I posted questions about this a couple of weeks ago I think it was. I > have been trying to get Tomcat running on a secure port with a valid SSL > certificate. We finally got version 9.0.0.M20 setup successfully on port > 9443 and I can go to that IP:port and

RE: Tomcat SSL issue

2017-10-09 Thread John Ellis
John Ellis 405.285.2500 office      http://biz-e.io -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, October 9, 2017 12:33 PM To: Tomcat Users List Subject: Re: Tomcat SSL issue On 09/10/17 16:01, John Ellis wrote: > I posted

Re: UpgradedServletInputStream.read EOF

2017-10-09 Thread Mark Thomas
On 09/10/17 15:51, Sergey Mashkov wrote: > Hi > > Could anybody explain me why UpgradedServletInputStream does fail with > EOFException in non-blocking mode instead of returning -1 ? I'm not sure why an EOFException is happening. My guess is multiple calls to read() without calling isReady()

RE: Tomcat SSL issue

2017-10-09 Thread John Ellis
John Ellis 405.285.2500 office http://biz-e.io -Original Message- From: Jose María Zaragoza [mailto:demablo...@gmail.com] Sent: Monday, October 9, 2017 11:25 AM To: Tomcat Users List Subject: Re: Tomcat SSL issue 2017-10-09 17:01 GMT+02:00 John Ellis

Re: Tomcat SSL issue

2017-10-09 Thread Mark Thomas
On 09/10/17 18:48, John Ellis wrote: > > > John Ellis > > 405.285.2500 office > > >      > > http://biz-e.io > > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Monday, October 9, 2017 12:33 PM > To: Tomcat Users List > Subject:

installing certificates

2017-10-09 Thread Adam Pease
Hi, I'm running Tomcat 8.5.23 on an AWS Ubuntu Linux 16.04 LTS installation. I'm trying to follow the instructions at https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html to get HTTPS running under tomcat. My site runs with a self-signed certificate. Now I'm trying to install a proper

Re: installing certificates

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Adam, On 10/9/17 4:24 PM, Adam Pease wrote: > Hi, I'm running Tomcat 8.5.23 on an AWS Ubuntu Linux 16.04 LTS > installation. I'm trying to follow the instructions at > https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html to get > HTTPS

Re: Enforcing server preference for cipher suites

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Harish, On 10/9/17 12:31 PM, Harish Krishnan wrote: > Need your expert input here. Not sure what I am doing wrong, but I > cannot get this server preference cipher suites feature working. > > My setup: Latest tomcat 7.x build (which supports >

Re: Tomcat APR / openssl

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jennifer, On 10/9/17 10:22 AM, Wang, Jennifer wrote: > I am looking openssl's SSL_CTX_set_psk_server_callback in APR & > did not found it. Just wonder if there is way to set it. We need to > use TLS-PSK. I don't believe there is an easy way to use

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/6/17 6:34 PM, James H. H. Lampert wrote: > On 10/6/17, 6:58 AM, Mark Thomas (Tomcat List) wrote: > >> It might help to think of it like this: >> >> There are the ciphers that a JVM supports. The JVM only enables >> sub-set of the

Re: Tomcat SSL issue

2017-10-09 Thread Terence M. Bandoian
On 10/9/2017 10:01 AM, John Ellis wrote: I posted questions about this a couple of weeks ago I think it was. I have been trying to get Tomcat running on a secure port with a valid SSL certificate. We finally got version 9.0.0.M20 setup successfully on port 9443 and I can go to that IP:port

Re: Enforcing server preference for cipher suites

2017-10-09 Thread Harish Krishnan
Thanks for the response, Chris. Below are my answers in order. To keep the response as short as possible, i have not included the ciphers list in the connector - a) Tomcat 7.0.79 (will be updating to 7.0.82) b) JRE 1.80_144 c) Our connector configuration is below. d) We are using NIO. e) I am

Re: installing certificates

2017-10-09 Thread Adam Pease
Hi Chris, Many thanks for the quick response! There's a lot of new terminology (to me) to all this and it's quite confusing I'm afraid. I tried Let's Encrypt just now but since I'm running Tomcat sites either I'm not doing it right, or it doesn't know how to verify domains when they

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 10/9/17 5:19 PM, Christopher Schultz wrote: > On 10/6/17 6:34 PM, James H. H. Lampert wrote: >> Noting that my connector tag is written using Tomcat 7 connector >> syntax, is there a good example of how to code a ciphers clause >> for

Re: installing certificates

2017-10-09 Thread Alex O'Ree
Graphical keystore tool - http://keystore-explorer.org/ It may make things easier On Mon, Oct 9, 2017 at 6:13 PM, Adam Pease wrote: > Hi Chris, > Many thanks for the quick response! There's a lot of new terminology (to > me) to all this and it's quite confusing

Re: ISAPI and IIS 10 Logging Issue

2017-10-09 Thread Mark Thomas
On 06/10/17 22:42, Mark Thomas wrote: > On 06/10/17 16:27, Mark Thomas wrote: >>> On 10.05.2017 8:54, Thomas, Michael wrote: >>> >>> Unfortunately I am not getting much traction with Microsoft. From the IIS >>> forum, it looks like they are pointing the finger in the direction of the >>>