Tomcat Connectors release

2015-05-14 Thread George Stanchev
Hello, What is the schedule for Connectors release? Is a release scheduled when a critical mass of issues fixed or a major problem is resolved or a regular time-based release? George

Issue with a principal and remote_user

2015-04-17 Thread George Stanchev
I posted this on the dev list but I must have placed it on the wrong list... I am running IIS+jk_connect+Tomcat 7.0.59 but this issue was replicated on Tomcat 5.5.36. We are using a security filter from a 3rd party that is failing to engage while requests are sent over AJP via jk_connect. I was

RE: useServerCipherSuitesOrder in 7.0.62

2015-06-24 Thread George Stanchev
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, June 24, 2015 8:37 AM To: Tomcat Users List Subject: Re: useServerCipherSuitesOrder in 7.0.62 -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 George, On 6/15/15 10:08 AM, George Stanchev wrote

RE: Forcing SSL Renotiation

2015-06-26 Thread George Stanchev
: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, June 26, 2015 10:06 AM To: Tomcat Users List Subject: Re: Forcing SSL Renotiation -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 George, On 6/26/15 10:04 AM, George Stanchev wrote: You didn't specify your Tomcat version

RE: Forcing SSL Renotiation

2015-06-26 Thread George Stanchev
Hi Steffen You didn't specify your Tomcat version. In Tomcat 7 or 8 or 9 we use the following code. Not sure if it will work on 6. For a long time until very recently we were stuck on 5.5 and the attribute below is not available. So I had to write a reflection introspection to drill down to

RE: useServerCipherSuitesOrder in 7.0.62

2015-06-15 Thread George Stanchev
Is there any chance for the OpenSSL-style ciphers to be backported to the 7 release line? -Original Message- From: George Stanchev [mailto:gstanc...@serena.com] Sent: Saturday, June 13, 2015 11:41 AM To: Tomcat Users List Subject: RE: useServerCipherSuitesOrder in 7.0.62 Thanks

RE: useServerCipherSuitesOrder in 7.0.62

2015-06-13 Thread George Stanchev
Subject: Re: useServerCipherSuitesOrder in 7.0.62 2015-06-13 15:36 GMT+03:00 George Stanchev gstanc...@serena.com: Hi, I was looking at [1] and it looks the new attribute is available in 7.0.61 onwards as per Violeta's comment. However I cannot find this new attribute in the HTTP connector

useServerCipherSuitesOrder in 7.0.62

2015-06-13 Thread George Stanchev
Hi, I was looking at [1] and it looks the new attribute is available in 7.0.61 onwards as per Violeta's comment. However I cannot find this new attribute in the HTTP connector documentation [2] nor the changelog [3]. Can someone confirm or deny the availability of this attribute

RE: Problem specifying cipher suites in tomcat6

2015-05-29 Thread George Stanchev
Chris, thanks for sharing this. I've recently ran across a similar tool: http://www.bolet.org/TestSSLServer/ That does the same thing as your code but may be a little bit more elaborate. It also has a source code on link. Since you has shared your code, I might as well share this - the more

RE: Problem specifying cipher suites in tomcat6

2015-05-29 Thread George Stanchev
I don't see where he blamed the developers for anything. The poster even admitted it was their fault. I think it is reasonable to warn the OP that any change can result in issue. Even if you're doing everything correctly, there is a change of running in a new Tomcat issue or a regression or

RE: [OT] Re: Filter behaviour

2015-06-29 Thread George Stanchev
For SOAP, you *MUST* send back 500 or 400 with your SOAP fault back. [1] http://www.w3.org/TR/soap12-part2/#tabresstatereccodes -Original Message- From: Leo Donahue [mailto:donahu...@gmail.com] Sent: Saturday, June 27, 2015 11:45 PM To: Tomcat Users List Subject: [OT] Re: Filter

RE: [OT] Re: Filter behaviour

2015-06-29 Thread George Stanchev
processing error. George [1] http://www.w3.org/TR/2000/NOTE-SOAP-2508/#_Toc478383529 -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, June 29, 2015 8:56 AM To: Tomcat Users List Subject: Re: [OT] Re: Filter behaviour George Stanchev wrote: For SOAP, you

RE: AW: AW: Suppress or replace WWW-Authorization header

2015-10-28 Thread George Stanchev
On 28.10.2015 17:42, Torsten Rieger wrote: > -Ursprüngliche Nachricht- > Von: Aurélien Terrestris [mailto:aterrest...@gmail.com] > Gesendet: Mittwoch, 28. Oktober 2015 16:45 > An: Tomcat Users List > Betreff: Re: AW: Suppress or replace WWW-Authorization header >

RE: Tomcat Server and PHP Extensions

2015-10-28 Thread George Stanchev
You need Apache, not Tomcat -Original Message- From: Chris Thompson [mailto:cthomp...@conveyor-dynamics.com] Sent: Wednesday, October 28, 2015 5:20 PM To: users@tomcat.apache.org Subject: Tomcat Server and PHP Extensions Does Tomcat Server support PHP extensions? I am looking at

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
of the ClientHello record, not how it is wrapped which happens later when the record is being serialized to the socket... Anyways, thanks to all for the tip but it doesn't make a difference...still bad mac record... George -Original Message- From: George Stanchev [mailto:gstanc

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-15 Thread George Stanchev
Aurélien, I added good_run.pcap and bad_run.pcap to that dropbox location [1]. I also think this needs to be looked at by MS engineers. I am following up on my support case but really not getting anywhere... George [1] https://www.dropbox.com/sh/az1r3agxx4w8r7e/AACRGedBG3G5oh4-qE9652WNa?dl=0

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-14 Thread George Stanchev
on algorithm and the cryptographic hash function negotiated during the client hello and server hello, and using the secret key that the client sent to the server during the client key exchange. The handshake can be renegotiated at this time. See the next section for details." 2015-10-1

RE: Demand CLIENT-CERT only on certain pages but demand SSL in all pages

2015-10-06 Thread George Stanchev
Mark, What are the possible issues with renegotiation? We're on NIO connectors, is there anything known? George -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, October 05, 2015 8:32 AM To: Tomcat Users List Subject: Re: Demand CLIENT-CERT only on certain

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
/15 12:46 PM, George Stanchev wrote: > One more clarification: on point [6] below I stated that Java is able > to recover with a retry on a cached connection. Unfortunately that is > only valid for higher level classes like HttpUrlConnection which makes > 1 retry on IOException (and o

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
have some movement forward. George [1] http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html -Original Message----- From: George Stanchev [mailto:gstanc...@serena.com] Sent: Tuesday, October 13, 2015 10:26 AM To: Tomcat Users List Subject: RE: [OT] Tomcat 7.0.5

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
d_record_mac -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 George, On 10/13/15 12:35 PM, George Stanchev wrote: > [1] states: " JDK 7-9 enables SSLv2Hello on the server side only. > (Will not send, but will accept SSLv2Hellos)" Interesting. This absolutely makes sense, thoug

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
[OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac George, do you have any network capture that we can see ? 2015-10-13 22:10 GMT+02:00 George Stanchev <gstanc...@serena.com>: > >> It might be doable with OpenSSL s_client or something. Tough to >

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
Aurélien Terrestris <aterrest...@gmail.com>: > George, > > do you have any network capture that we can see ? > > 2015-10-13 22:10 GMT+02:00 George Stanchev <gstanc...@serena.com>: > >> >> It might be doable with OpenSSL s_client or something. Tough to >> r

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
produces the problem, I'll try with JTouch ( jtouch.sourceforge.net ) or write a small client. 2015-10-13 22:22 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>: > George, > > do you have any network capture that we can see ? > > 2015-10-13 22:10 GMT+02:00 George Stanchev

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
sourceforge.net ) or write a small client. > > > > > 2015-10-13 22:22 GMT+02:00 Aurélien Terrestris <aterrest...@gmail.com>: > >> George, >> >> do you have any network capture that we can see ? >> >> 2015-10-13 22:10 GMT+02:00 George Stanchev <

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
ut to write a TLS client using a SSLv2Hello, you will call getInstance("TLS") and setEnabledProtocols("SSLv2"). I hope things are more understandable :) 2015-10-13 23:12 GMT+02:00 George Stanchev <gstanc...@serena.com>: > Ok, may be you are ahead of me on t

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-13 Thread George Stanchev
's working. Not making advertisement for my software here, but,.. ;) 2015-10-13 23:20 GMT+02:00 George Stanchev <gstanc...@serena.com>: > Just as a side note, https.protocols is read by HttpsUrlConnection > which feeds it down through setEnabledProtocols() on the SSL socket. "

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-09 Thread George Stanchev
Just for the record, https.protocols is a property used by the HttpsUrlConnection class. If your app is using a client that doesn't rely on the internal Oracle HTTP client, it's better to use " jdk.tls.client.protocols" which is read directly by the socket/SSL classes. Apache Http Client is one

RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac

2015-10-09 Thread George Stanchev
-level sockets just throw and that’s it... -Original Message- From: George Stanchev [mailto:gstanc...@serena.com] Sent: Friday, October 09, 2015 10:40 AM To: Tomcat Users List Subject: RE: [OT] Tomcat 7.0.55/Jre 7u67: SEND TLSv1 ALERT: fatal, description = bad_record_mac Just for the record

RE: Tomcat 7.0.55 Not loading truststore or keystore

2015-09-01 Thread George Stanchev
Hi Diarmuid, We have run similar issue with client cert SSL. Is your 3rd party web service hosted on Windows/IIS? George -Original Message- From: dmccrthy [mailto:dmccr...@gmail.com] Sent: Tuesday, September 01, 2015 11:07 AM To: Tomcat Users List Subject: Tomcat 7.0.55 Not loading

RE: Relative redirects in light of recent changes

2016-02-10 Thread George Stanchev
> > However, with useRelativeRedirects="false" I see > > > > GET http://hostname/myapp?m=n=p > > ==> 302: "http://hostname/login?a=b=d; > > > > The questions I have are 2: First, what happened with the trailing slash > redirect. I vaguely remember discussions around it but I couldn't

RE: Relative redirects in light of recent changes

2016-02-08 Thread George Stanchev
In Tomcat 7.0.67 with no "useRelativeRedirects" set on the context (which defaults it to "true"), I see GET http://hostname/myapp?m=n=p ==> 302: "login?a=b=d" Now, this is expected behavior given the fix for [1] [1] http://bz.apache.org/bugzilla/show_bug.cgi?id=56917 I reread

Relative redirects in light of recent changes

2016-02-08 Thread George Stanchev
Hi, Recent changes to Tomcat altered the behavior of our applications a bit so I've got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am aware of which is also described in the changelog for 7.0.67. I have a filter acts on application "/myapp" that does a redirect in

RE: Relative redirects in light of recent changes

2016-02-09 Thread George Stanchev
> However, with useRelativeRedirects="false" I see > > GET http://hostname/myapp?m=n=p > ==> 302: "http://hostname/login?a=b=d; > > The questions I have are 2: First, what happened with the trailing slash > redirect. I vaguely remember discussions around it but I couldn't find

RE: Relative redirects in light of recent changes

2016-02-08 Thread George Stanchev
Hi, Recent changes to Tomcat altered the behavior of our applications a bit so I've got couple of questions. The versions in questions are 7.0.64 and 7.0.67. I am aware of which is also described in the changelog for 7.0.67. I have a filter acts on application "/myapp" that does a redirect

RE: client ssl renegotiation after invalidating session

2016-01-29 Thread George Stanchev
-Original Message- From: Gael Abadin [mailto:gael.aba...@imatia.com] Sent: Friday, January 29, 2016 10:33 AM To: Tomcat Users List Subject: client ssl renegotiation after invalidating session I want to invalidate the client ssl cert authentication after the user logs out of my

RE: client ssl renegotiation after invalidating session

2016-02-01 Thread George Stanchev
-logout-relogin : http://stackoverflow.com/questions/10229027/how-to-trigger-ssl-rehandshake-on-a-web-browser For the time being I'll just warn the users that they are not being truly logged out until they close all browser windows. 2016-01-29 18:56 GMT+01:00 George Stanchev <gst

RE: Unable to find IIS Tomcat Connector 1.2.41 dll

2016-02-03 Thread George Stanchev
You might want to explore this thread: http://marc.info/?l=tomcat-user=145399491702444=2 which also points to this thread http://tomcat.markmail.org/message/lyxmf5zof5csf6bn Regards, George -Original Message- From: McKenzie, Mitch [mailto:mmcken...@markelcorp.com] Sent: Wednesday,

AJP protocol auto-switching default

2016-03-10 Thread George Stanchev
Perhaps I am overlooking something, but the documentation for AJP [1] states for "protocol" The standard protocol value for an AJP connector is AJP/1.3 which uses an auto-switching mechanism to select either a Java based connector or an APR/native based connector. If the PATH (Windows) or

RE: AJP protocol auto-switching default

2016-03-10 Thread George Stanchev
> Perhaps I am overlooking something, but the documentation for AJP [1] > states for "protocol" > > > The standard protocol value for an AJP connector is AJP/1.3 which uses > an auto-switching mechanism to select either a Java based connector or > an APR/native based connector. If the PATH

RE: AJP protocol auto-switching default

2016-03-10 Thread George Stanchev
-Original Message- From: Rémy Maucherat [mailto:r...@apache.org] Sent: Thursday, March 10, 2016 4:41 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: AJP protocol auto-switching default 2016-03-11 0:38 GMT+01:00 George Stanchev <gstanc...@serena.com>: >

RE: Understanding how to controlling what data is written to log4j appenders

2016-03-10 Thread George Stanchev
If you run tomcat via the windows server wrapper, you can "%TOMCAT_EXE%" //US//%TOMCAT_SERVICE_NAME% --StdOutput "%TOMCAT_CONSOLE_LOG%" --StdError "%TOMCAT_CONSOLE_LOG%" Which will redirect the stderr and stdoout to the corresponding log files George -Original Message- From: Joleen

RE: Windows Authentication

2016-03-04 Thread George Stanchev
It does not look like HTTP Basic. Did you try different browsers? IE, Chrome, FF? Do you get same behavior with all? Is the user logging in member of the domain your IWA is set up to? If you set up a 3rd party IWA provider (such as Waffle), does it act the same on all 3 browsers? There was a

RE: sadfasdf

2016-04-19 Thread George Stanchev
It could be someone’s kids. I know mine has done similar damage. With tablets and iphones hosting parent’s work pluce junior’s entertainment it could have happened. Let us be gentle :) From: Nick Childs [mailto:nchi...@ramsoft.com] Sent: Tuesday, April 19, 2016 8:55 PM To: Tomcat Users List

RE: NullPointerExceptions from Coyote over SSL

2016-07-27 Thread George Stanchev
Peter, Depending at which slot you plug in BC in the Security context it might or it might not get used depending on the cipher suites used by you SSL connection. JSSE will ask Java for crypto implementation from the list of JCE providers and if your BC is high on the list, it will get used.

log4j in Tomcat 8.5

2017-02-02 Thread George Stanchev
Hi, I am transitioning from Tomcat 7.0 to Tomcat 8.5 and I was wondering what do I need to do to use log4j in 8.5. Reading this bug [1], it states that the support for the for log4j has been dropped since it is EOLed. Now, there is a comment on this issue from Mark that says that it is applied

RE: Apache Tomcat 7.0.59 - Even if a ws certificate stored in the WSkeystore expires, any webclient request is still accepted by server and not refused

2017-02-07 Thread George Stanchev
Mark, Apologies for top posting. We have our own trust manager that is attached to the connector because we want client certificates to be passed in the application for validation and authentication rather than the connector. If we switch to the OpenSSL/APR based certificate processing, would

RE: Issue with static file in Tomcat 8.5.17

2017-07-07 Thread George Stanchev
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, July 07, 2017 1:05 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Issue with static file in Tomcat 8.5.17 On 07/07/2017 19:09, George Stanchev wrote: > Hi, .. > Please let

Issue with static file in Tomcat 8.5.17

2017-07-07 Thread George Stanchev
Hi, The current Tomcat 8.5.17 is under vote for release with +1s only. I took the liberty to download the distributable before officially announced and am running into an issue with it. Static file that used to download in 8.5.16 and below now it doesn't. Chrome reports: jquery-1.8.3.min.js:1

RE: Issue with static file in Tomcat 8.5.17

2017-07-07 Thread George Stanchev
On 07/07/2017 20:56, George Stanchev wrote: > Sorry, I didn't realize there is a -d option that gives you the full request > and response. Here is the dump: Thanks for the extra information. I can't reproduce this yet. I'm going to hold off on closing the currently running votes until

RE: Issue with static file in Tomcat 8.5.17

2017-07-07 Thread George Stanchev
Sorry, I didn't realize there is a -d option that gives you the full request and response. Here is the dump: c:\>wget -d -S http://hostname:8085/testapp/javascript/jquery-1.8.3.min.js SYSTEM_WGETRC = c:/progra~1/wget/etc/wgetrc syswgetrc = C:\bin\gnuwin32/etc/wgetrc Setting --server-response

RE: Issue with static file in Tomcat 8.5.17

2017-07-20 Thread George Stanchev
>> The problem is related to the new code that handles the case when a >> file is stored in one encoding but served in another. Since changing >> encodings can change the value and number of bytes served (for example >> serving £ in UTF-8 requires two bytes but only one in ISO-8859-1). >>

warning in tomcat logs

2017-04-29 Thread George Stanchev
TC 8.5.14 and noticed in the logs the following warning: "The truststoreProvider [AnyCert] does not support the certificateVerificationDepth configuration option" In our case, we're using Shib's AnyCert trust manager to accept any client cert on a particular connector as described here [1]. I

RE: warning in tomcat logs

2017-05-02 Thread George Stanchev
-Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Sunday, April 30, 2017 5:02 AM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: warning in tomcat logs On 29/04/17 15:13, George Stanchev wrote: > TC 8.5.14 and noticed in the logs the followin

RE: warning in tomcat logs

2017-05-02 Thread George Stanchev
>> This has been fixed in 8.5.x for 8.5.15 onwards and 9.0.x for 9.0.0.M21 >> onwards. Thanks Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org

jk connector + http2

2017-05-25 Thread George Stanchev
Hi, Is a HTTP/2 call to Tomcat proxied via IIS / JK Connector (Tomcat Connector) expected to succeed? George

RE: ISAPI and IIS 10 Logging Issue

2017-10-05 Thread George Stanchev
> Note that also in the course of my investigations, somewhere I found a phrase > to the effect that Mirosoft would be discouraging the future use of ISAPI > modules in IIS, and recommends some other architecture instead now. Do you remember where you saw that? Can you provide a link?

RE: building TC 8.5 with checkstyle

2017-12-07 Thread George Stanchev
>On 07/12/17 21:12, Mark Thomas wrote: >> On 07/12/17 20:48, George Stanchev wrote: >>> I am trying to build TC 8.5.24 from source and running into checkstyle >>> validation issues [1]. I looked at >>> https://tomcat.apache.org/tomcat-8.5-doc/building.

building TC 8.5 with checkstyle

2017-12-07 Thread George Stanchev
I am trying to build TC 8.5.24 from source and running into checkstyle validation issues [1]. I looked at https://tomcat.apache.org/tomcat-8.5-doc/building.html and couldn't find anything that suggest that the default target would not build, neither checkstyle is mentioned. It is not a

client cert authentication

2018-05-04 Thread George Stanchev
I guess I am looking for some pointers how to approach a certain scenario from "the right way" of implementing it. Say you have a standard login form with user/pass edits and "Login" and "Smartcard" buttons. The "Login" button does Its obvious thing. The "Smartcard" button authenticates the

RE: log4j

2018-05-18 Thread George Stanchev
Depends on what you're asking. If you're asking to use log4j to capture Tomcat logging, then the answer is - you can't but you can use Log4j2 or JULI. If the question is how to use log4j for your apps deployed under Tomcat, then answer can be found easily... From: Cheltenham, Chris

RE: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-22 Thread George Stanchev
Can you use catalina.properties? From the docs [1] " All system properties are available including those set using the -D syntax, those automatically made available by the JVM and those configured in the $CATALINA_BASE/conf/catalina.properties file." [1]

RE: Security of AJP

2018-02-28 Thread George Stanchev
It is used, for example, if you want to front Tomcat by Apache Web Server or by IIS (among others). In those cases the HTTP processing is done in the front system and if necessary it is proxied to Tomcat via AJP. You take HTTP request from that system, put it in an AJP record and send it over

RE: Number of Web Applications in one Tomcat: THANKS!

2018-10-31 Thread George Stanchev
This is an interesting discussion. Are there any guides to alleviating management work of such deployments? For example, how do you deal with the port mapping? Or logs - do you collect at a common location or let each app log in its corner ? Can you share configuration across instances such as

NIO vs NIO2

2018-12-23 Thread George Stanchev
Hi, We are currently on the latest TC 8.5.37 but soon will be moving to latest 9. Currently we use NIO connectors. I am having hard time evaluating the need (if necessary) to switch to NIO2. Can someone point me to a good resource/link where the two connectors are compared and which situations

Tomcat 8.5.39 on maven central

2019-03-21 Thread George Stanchev
Hi, The announcement went out few days ago but 8.5.39 is still not out there [1]. I know it takes a bit for maven central to pick it up but with the git migration perhaps something got broken? George [1] https://mvnrepository.com/artifact/org.apache.tomcat/tomcat-catalina

RE: Tomcat 8.5.39 on maven central

2019-03-21 Thread George Stanchev
Thanks Mark! -Original Message- From: Mark Thomas Sent: Thursday, March 21, 2019 3:13 PM To: users@tomcat.apache.org Subject: Re: Tomcat 8.5.39 on maven central On 21/03/2019 21:00, George Stanchev wrote: > Hi, > > The announcement went out few days ago but 8.5.39 is stil

Invalid URL characters via AJP

2019-02-06 Thread George Stanchev
In light of recent changes around allowing and subsequent relaxation of the invalid characters handling in TC, I just noticed that TC behind IIS (via JK connector/AJP) happily accepts ";<> etc while the HTTP connector rejects them. Is this how the AJP connector it is supposed to work? Is the

RE: AW: Outbound SSL?

2019-06-03 Thread George Stanchev
What is your webapp using as HTTP client that handles the SSL? -Original Message- From: James Lampert Sent: Friday, May 31, 2019 3:41 PM To: Tomcat Users List Subject: Re: AW: Outbound SSL? This just keeps getting weirder and weirder. I extracted the actual request >

RE: OS

2019-04-21 Thread George Stanchev
FWIW someone is submitting the same identical question (with only the project name different) in the dozen or so Apache projects I am on mailing list of... Just google "Hello, I am doing an investigation. Does Windows Server 2019 support" and see for yourself It looks like a troll

RE: [OT] TLSv1.3 in TC8.5 + Azul Java 8

2019-08-02 Thread George Stanchev
George, On 8/1/19 16:42, George Stanchev wrote: > As of recently Azul has backported the JSSE from Java 11 into Java > 8 [1] and it is currently offering TLSv1.3 support in its Java 8 > distro [2]. Good for them. It's too bad Oracle is so conservative with its policies. I have Azul o

TLSv1.3 in TC8.5 + Azul Java 8

2019-08-01 Thread George Stanchev
As of recently Azul has backported the JSSE from Java 11 into Java 8 [1] and it is currently offering TLSv1.3 support in its Java 8 distro [2]. Does this help TC with JSSE SSL engine to also offer TLSv1.3 on its SSL listeners? [1] https://github.com/openjsse/openjsse [2]

RE: [OT] TLSv1.3 in TC8.5 + Azul Java 8

2019-08-06 Thread George Stanchev
So it seems to work. For whoever is interested to try, the openjsse comes prebundled with Azul's distro, all you need to do is run with -XX:+UseOpenJSSE command line option. On TC side, I added "TLSv1.3" to "sslEnabledProtocols": sslEnabledProtocols="+TLSv1 +TLSv1.1 +TLSv1.2 +TLSv1.3" Also not