Re: No traffic after upgrade to Tomcat 8.5.16 (loadbalancing issue)

2017-07-31 Thread Peter Kreuser
Hi Bernd, > Am 31.07.2017 um 19:17 schrieb Bernd Wahlen : > > Thanks for your help, > > what do you mean with take it off the server farms first? > > The upgrade process is like this: > stop tomcat > change symlink to new version > start tomcat > >

Re: No traffic after upgrade to Tomcat 8.5.16 (loadbalancing issue)

2017-08-01 Thread Peter Kreuser
Bernd, > Am 01.08.2017 um 11:01 schrieb Bernd Wahlen : > > Hi M, Peter and Christoph, > > >Have you tried taking the affected server out completely from the >farm? In > >this way, you have 4 tomcats seen by the loadbalancer. Once >you have done > >the

Re: Where Tomcat webapp contexts live on Debian

2017-08-15 Thread Peter Kreuser
I'd assume the service that starts tomcat sets the bin-Dir, that contains a setenv.sh, that has the CATALINA_HOME and BASE env-Varaibles, where you find the context-Files that have a docbase. I'd like to repeat the question: who did this setup? Peter Kreuser > Am 15.08.2017 um 23:45 schr

Re: Where Tomcat webapp contexts live on Debian (NOT off-topic; A LEGITIMATE TECHNICAL QUESTION)

2017-08-16 Thread Peter Kreuser
That's what I tried to say... sorry I was maybe not specific enough... Peter > Am 17.08.2017 um 02:29 schrieb James H. H. Lampert : > >> On 8/16/17, 11:43 AM, André Warnier (tomcat) wrote: >> , , , >> So as a start, look at /etc/init.d/tomcat7 on your system, and check

Re: Server giving 404 since upgrade to Tomcat7

2017-07-26 Thread Peter Kreuser
Hi all, > Am 25.07.2017 um 21:00 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >>> On 7/25/17 11:14 AM, Peter Flynn wrote: >>> On 24/07/17 11:57, Mark Thomas wrote: >>> On 24/07/17 11:12, Flynn, Peter wrote: >>

[OT]Re: Tomcat server apparently bouncing up and down

2017-08-19 Thread Peter Kreuser
Talking nicely and understandingly to it won't help either, I guess... Have a nice weekend Peter > Am 19.08.2017 um 08:31 schrieb André Warnier (tomcat) : > > 3 kids raised, 30 years of programming talking : slap it. > > >

Re: 8.5.11/8.5.14 using SSLHostConfig protocols and ciphers list ignored

2017-06-26 Thread Peter Kreuser
Todd, Peter Kreuser Peter Kreuser > Am 26.06.2017 um 18:56 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Todd, > >> On 6/23/17 2:56 PM, Todd wrote: >> Thank you Peter - I

Re: Apache httpd server 2.4.25 binaries for Non Windows platforms

2017-06-16 Thread Peter Kreuser
Olaf, Peter Kreuser +49 172 6649346 >> Am 16.06.2017 um 11:14 schrieb Olaf Kock <tom...@olafkock.de>: >> >> Am 16.06.2017 um 08:55 schrieb Prarthana Agwania: >> We have a requirement to package Apache httpd server together with mod_jk >> 1.2.42 and distrib

Re: "Cannot store non-PrivateKeys" exception moving from 8.0.37 to 8.5.20 - Linux

2017-09-21 Thread Peter Kreuser
Peter Kreuser > Am 21.09.2017 um 18:19 schrieb Sean Dawson <sean.dawson2...@gmail.com>: > > Hello, > > We migrated our application that was running fine on 8.0.37 to 8.5.20 and > on startup we receive: > > java.lang.IllegalArgumentException: java.security.Key

Re: encodeURL, jsessionid and mod_rewrite ?

2017-10-03 Thread Peter Kreuser
Peter Kreuser > Am 04.10.2017 um 02:44 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Laurant, > >> On 10/3/17 5:17 PM, Laurent Perez wrote: >> I'm using apache+mod_proxy+mod_re

Re: URL-encoding and "#"

2017-10-13 Thread Peter Kreuser
Chris, Peter Kreuser > Am 13.10.2017 um 04:29 schrieb Christopher Schultz > <w...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 10/12/17 8:44 PM, James H. H. Lampert wrote: >> Question: >>

Re: tomcat ssl setup

2017-09-27 Thread Peter Kreuser
John, > Am 27.09.2017 um 18:08 schrieb John Ellis : > > > > John Ellis > > 405.285.2500 office > > > > > http://biz-e.io > > > -Original Message- > From: l...@kreuser.name [mailto:l...@kreuser.name] > Sent: Tuesday, September 26, 2017 3:26 PM > To:

Re: Enforcing server preference for cipher suites

2017-10-10 Thread Peter Kreuser
Harish, > Am 10.10.2017 um 00:00 schrieb Harish Krishnan : > > Thanks for the response, Chris. > > Below are my answers in order. > To keep the response as short as possible, i have not included the ciphers > list in the connector - > > a) Tomcat 7.0.79 (will be updating

Re: BREAKTHROUGH (but not solved) Re: Problem: (GSKit) No compatible cipher suite available between SSL end points.

2017-10-10 Thread Peter Kreuser
Christopher, Peter Kreuser > Am 10.10.2017 um 00:14 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 10/9/17 5:19 PM, Christopher Schultz wrote: >>>

Aw: Trouble with TLS/SSL and Tomcat 8.5.23

2017-11-22 Thread Peter Kreuser
Richard, > Gesendet: Mittwoch, 22. November 2017 um 14:40 Uhr > Von: "Richard Tearle" > > An: users@tomcat.apache.org[mailto:users@tomcat.apache.org] > Betreff: Trouble with TLS/SSL and Tomcat 8.5.23 > Hello > >

Re: Activating Tomcat 8.5 APR on RHEL7

2018-01-15 Thread Peter Kreuser
Hi Jean-Pierre, > Am 15.01.2018 um 15:45 schrieb Jean Pierre Urkens > : > > I am having problems getting the apr library discovered by Tomcat 8.5. This > is what I tried: > > 1. I installed Tomcat-8.5 on RHEL-7. > 2. As the native tomcat apr

Re: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-23 Thread Peter Kreuser
Algirdas, > Am 23.01.2018 um 13:27 schrieb Algirdas Veitas : > > Andre, my apologies for bringing up a topic that has been repeated ad > nauseum. > > We were thinking of a process like the following, which would eliminate > "the information has to available somewhere in a

Re: Using Environment variables instead of Java -D properties for context.xml substitution

2018-01-23 Thread Peter Kreuser
BTW: > Am 23.01.2018 um 13:56 schrieb Peter Kreuser <l...@kreuser.name>: > > Algirdas, > > > >> Am 23.01.2018 um 13:27 schrieb Algirdas Veitas <apvei...@gmail.com>: >> >> Andre, my apologies for bringing up a topic that has been repeated ad

Re: [OT] How does tomcat handle session ids?

2018-02-08 Thread Peter Kreuser
: Please also review “session fixation” as a side note to this problem. Peter Kreuser > Am 08.02.2018 um 17:14 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > >> On 2/8/18 4:49 AM

Re: Apache Tomcat 8.5.24 SSL Configuration

2017-12-22 Thread Peter Kreuser
Thomas, > Am 22.12.2017 um 15:38 schrieb Thomas Delaney : > > I apologize for the poor grammar in my last response and extra email. The > site I have setup is internal only. I will not be able to test the site > using SSL Labs. > You may try https://testssl.sh and

Re: Outbound SSL?

2019-05-29 Thread Peter Kreuser
James, Outbound SSL is usually handled by the underlying Java VM. > Am 29.05.2019 um 20:57 schrieb James H. H. Lampert : > > We have a customer that is running our Tomcat-based webapp, and it is > apparently having trouble accessing a Google web service. > > The error message they're getting

Re: AW: Outbound SSL?

2019-06-01 Thread Peter Kreuser
Chris, James > Am 01.06.2019 um 02:30 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > >> On 5/31/19 18:41, James H. H. Lampert wrote: >>> On 5/31/19, 3:34 AM, bernd.sch...@daimler.com wrote: >>> You can run a small java program on your jvm to

Re: Minor version upgrades

2019-05-10 Thread Peter Kreuser
Dave > Am 10.05.2019 um 17:23 schrieb Dave Ford : > > Hello, > > We've running many instances of Tomcat 8.5 on some dozens of linux > servers. All of this is being managed by Puppet using the puppetforge > tomcat module. > > The Puppet module that deploys tomcat simple checks to see if the

Re: Secure Communication Between Tomcat Servers

2019-09-09 Thread Peter Kreuser
Isn‘t that what client certs are for? Https to identify Server A, Client cert to authenticate Server B? Message integrity should then be unnecessary?! Or am I missing a piece? Peter > Am 09.09.2019 um 21:10 schrieb M. Manna : > > Why not use JWT cookies/tokens? You sign your claims and only

Re: Support Request for problem with problem running SSL certificate on tomcat 8

2019-08-07 Thread Peter Kreuser
, but as your keystore is causing troubles, I‘m not really able to troubleshoot that. After all, you may have to reread on cert handling with keytool vs. openssl. I prefer the openssl way ;-). Peter Peter Kreuser > Am 06.08.2019 um 19:50 schrieb Munzer Khatib : > > Hi Peter > I dont have

Re: Problem with OpenSSL cipher suites -what's wrong with this configuration?

2019-08-07 Thread Peter Kreuser
Jessica, Peter Kreuser > Am 07.08.2019 um 14:33 schrieb Alten, Jessica-Aileen > : > > Dear all, > > I have a problem with the Tomcat 9.0.22 configuration for TLSv1.3 using > jdk8u222-b10_openj9-0.15.1 on Windows Server 2016. In principle TLSv1.3 > works, but I wan

[slighly OT] Re: Apache Vulnerability - Understanding Connector Protocols

2019-08-01 Thread Peter Kreuser
Michael, Mark and Chris, > Am 02.08.2019 um 01:40 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Michael, > On 8/1/19 15:21, Michael Osipov wrote: Am 2019-08-01 um 21:19 schrieb Mark Thomas: On 01/08/2019 20:07, Justiniano, Tony wrote:

Re: Support Request for problem with problem running SSL certificate on tomcat 8

2019-08-06 Thread Peter Kreuser
Hi, > Am 06.08.2019 um 02:42 schrieb Munzer Khatib : > > Hi > Can you help me with this problem. > Problem: Installing SSL certificate on Apache Tomcat 8.0.36 fails > I am trying to install a new SSL certificate into Apache tomcat 8.0.36.I ran > same steps ran successfully in 2013 and 2016 on

Re: Security issue involving HTTP response headers

2019-10-02 Thread Peter Kreuser
Hi James, Peter Kreuser > Am 02.10.2019 um 08:05 schrieb > : > > Tomcat 7.0.63 and above. > > Navigate to the tomcat conf directory and open the web.xml with a text editor. > > In the filter section of the web.xml add the following filter >

Re: Using CsrfPreventionFilter with GET-based submissions

2019-11-10 Thread Peter Kreuser
Chris, > > Am 09.11.2019 um 03:58 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > All, > > I'm playing with the CsrfPreventionFilter and things are working well > in the following situations: > > link text > > and > > > ... > > > As long as

Re: Using CsrfPreventionFilter with GET-based submissions

2019-11-12 Thread Peter Kreuser
Chris, > Am 13.11.2019 um 02:35 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 11/10/19 19:05, Peter Kreuser wrote: >> Chris, >> >>> >>> Am 09.11.2019 um 03:58 schri

Re: Global Error Handling

2019-12-03 Thread Peter Kreuser
 Mark, Peter Kreuser >>> Am 03.12.2019 um 14:31 schrieb Mark Thomas : >> On 03/12/2019 12:50, logo wrote: >> Sumit, >> Am 2019-12-03 13:11, schrieb Sumit Bhardwaj: >>> Hi Experts, >>> We have a requirement from a customer, where in case of 404, wh

Re: remote jmx monitoring through ssh tunnel

2019-12-10 Thread Peter Kreuser
Chris‘, > Am 10.12.2019 um 18:59 schrieb Chris Cheshire : > > On Tue, Dec 10, 2019 at 11:58 AM Chris Cheshire wrote: >> >>> On Tue, Dec 10, 2019 at 9:42 AM Christopher Schultz >>> wrote: >>> >>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA256 >>> >>> Chris, >>> >>> On 12/9/19 17:10,

Re: UPDATED: JMX reloadSslHostConfigs fails with javax.management.RuntimeOperationsException

2019-12-16 Thread Peter Kreuser
Mark, Peter Kreuser >> Am 16.12.2019 um 16:05 schrieb Mark Thomas : >> >> On 16/12/2019 12:55, Mark Thomas wrote: >>> On 15/12/2019 09:33, logo wrote: >> >>> Mark can you confirm that this is a bug? >> Confirmed. >> I'm looking

Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris, Peter Kreuser > Am 28.01.2020 um 16:34 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >>>>> On 1/27/20 3:35 PM, logo wrote: >> Could you try >> openssl pkcs12 -export -in my.crt -

Re: [OT] Install Comodo SSL in Tomcat

2020-01-28 Thread Peter Kreuser
Chris, > Am 28.01.2020 um 18:02 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Peter, > >> On 1/28/20 11:30 AM, Peter Kreuser wrote: >> Peter Kreuser >>> Am 28.01.2020 um 16:34 schrieb Christopher

Re: TC8 -> TC9 KeyAlias SSL not supported?

2020-01-13 Thread Peter Kreuser
Peter, > Am 13.01.2020 um 16:49 schrieb Peter Rader : > >  >> Peter, >> Can you find what you are looking for here? >> >> > >> ? > > No! There is no such node or any similar content. And there simply can not be > such a node because all the connector-xml-nodes are self-closing as you might

Re: Let's Encrypt with Tomcat?

2019-12-30 Thread Peter Kreuser
same that you did for 443 forwarding to redirect 80 to tomcat port 8080. IIKS, hope I was not too confusing??? Peter Peter Kreuser > Am 30.12.2019 um 20:01 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > James, > > On 12/2

Re: Let's Encrypt with Tomcat?

2019-12-30 Thread Peter Kreuser
James, > Am 28.12.2019 um 00:33 schrieb James H. H. Lampert : > >  >>> >>> Am I to understand that Tomcat 8.5.40 can use the ".cer," ".ca.crt" and >>> ".key" files directly, instead of the Java Keystore file? Correct! > If so, then that could potentially simplify things: if I have HTTPD

Re: Breakthrough, Re: Let's Encrypt with Tomcat?

2020-01-06 Thread Peter Kreuser
James, >> Am 06.01.2020 um 22:28 schrieb James H. H. Lampert >> : >> >> I think I found something, with the help of "MLu" on ServerFault: >> >> He advised me to try "iptables -L" and "iptables-save" again, only this time >> "sudo" them. >> >> When I did "iptables -L" under root

Re: Curl problem with reloadSslHostConfigs, Re: Let's Encrypt with Tomcat?

2020-01-06 Thread Peter Kreuser
James, > Am 07.01.2020 um 03:11 schrieb James H. H. Lampert : > > Dear Mr. Schultz, et al.: > > The manager password on this Tomcat server has an embedded curly brace, and > an embedded question mark. > > If I do this (the names have been changed to protect the innocent, and the > -k!) >

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

2020-01-07 Thread Peter Kreuser
Chris (and Mark), > Am 07.01.2020 um 17:22 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Mark, > >> On 1/7/20 4:36 AM, Mark Thomas wrote: >>> On 07/01/2020 07:10, Dennis Rech wrote: >>> POST /foo HTTP/1.1 Host: foo.com POST /foo HTTP/1.1 Host:

Re: Ignore duplicate HTTP headers in Tomcat 8.5.50-0+deb9u1

2020-01-07 Thread Peter Kreuser
Mark, maybe this getting offtopic. > Am 07.01.2020 um 18:58 schrieb Mark Thomas : > > On 07/01/2020 16:22, Christopher Schultz wrote: > > > >> Since the Host header seems to be special in this regard (i.e. there >> is no prohibition against multiple Accept headers), might we be >> willing

Re: Let's Encrypt with Tomcat?

2019-12-28 Thread Peter Kreuser
Chris, Peter Kreuser > Am 27.12.2019 um 21:14 schrieb Christopher Schultz > : > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > >> > but the idea is that certbot has "plug-ins" and we'd need to > supply a "tomcat" plug-in that d

Re: [OT] Re: Maven Warning. Ubuntu Users

2020-01-08 Thread Peter Kreuser
Zahid, you‘re talking to one of the most respected members of the community like this? STFU or leave. This calls for an ban! Peter > Am 08.01.2020 um 06:06 schrieb Zahid Rahman : > >  >> >> A version of what? > MAVEN > MAVEN > MAVEN > > In light of this video https://youtu.be/idViw4anA6E

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

2020-04-09 Thread Peter Kreuser
Mark, James > Am 09.04.2020 um 22:14 schrieb Mark Eggers : > > James, > >> On 4/9/2020 12:11 PM, James H. H. Lampert wrote: >>> On 4/6/20 2:13 PM, Mark Eggers wrote: >>> # Secure your proxy - localhost for now - this is IMPORTANT >>> >>>Require ip 127 >>> >> Isn‘t this for CONNECT

Re: Setting up Tomcat behind an existing Apache httpd server (on Amazon Linux 2)

2020-04-06 Thread Peter Kreuser
James, > Am 06.04.2020 um 21:53 schrieb James H. H. Lampert : > > Here is the situation: > > We have an existing Amazon EC2 instance, running Amazon Linux 2, with an > Apache httpd server already running our web sites (for argument's sake, > "foo.com," "bar.com," and "baz.com."), and already

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-25 Thread Peter Kreuser
Pratik, > Am 25.08.2020 um 12:14 schrieb Pratik Shrestha : > > Hi all, > > Tomcat version: 9.0.37 > > Our website is running on Tomcat. We did Qualys vulnerability scan on our > site. Scan shows below vulnerability. > > Insecure transport > Group: Information Disclosure > CWE CWE-319 > OWASP

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

2020-08-27 Thread Peter Kreuser
Mark, Sorry for Top-posting. I’m still wondering what is causing this Qualys finding. I remember times when you got only garbage when you connected with http to https. Probably Qualys was fine with that. Now you get a nice 400 message that helps the user understand his mistake and Qualys

Re: Error in stopping application tomcat !!

2020-07-25 Thread Peter Kreuser
Kushagra, > Am 25.07.2020 um 08:12 schrieb Kushagra Bindal : > > One more related changes : > https://bz.apache.org/bugzilla/show_bug.cgi?id=63041 None of the bugzilla entries relate to changes in newer versions. It won‘t be as easy as to search for „ „shutdown“ in either bugzilla or the

Re: Browser complains of "weak signature algorithm" in cert on a new Tomcat installation. Does anybody here know anything about that sort of thing

2021-01-06 Thread Peter Kreuser
James, > Am 07.01.2021 um 00:34 schrieb James H. H. Lampert : > > We just had our first Tomcat 8.5 installation on a customer's AS/400. > > The customer apparently has his own CA (they're a big company), and when I > installed SSL in their Tomcat, and tested it with a browser, it complained,

Re: [OT] programming style or mental process ?

2021-04-05 Thread Peter Kreuser
All, > Am 05.04.2021 um 14:38 schrieb Christopher Schultz > : > > André, > >> On 4/4/21 06:23, André Warnier (tomcat/perl) wrote: >> Hi. >> I have a question which may be totally off-topic for this list, but this has >> been puzzling me for a while and I figure that someone here may be able

Re: Question about TLS/SSL setup and SSLHostConfig or not

2021-03-02 Thread Peter Kreuser
Alex, > Am 02.03.2021 um 23:19 schrieb Alex : > > Hi. > >> On 02.03.21 23:14, John Larsen wrote: >> I usually let the apache webserver or nginx handle the SSL while proxying >> to the tomcat. Unless you need some really fancy rewriting or caching, Tomcat is absolutely capable to handle

Re: Connector Port Issue

2021-08-05 Thread Peter Kreuser
Chris, > Am 05.08.2021 um 18:32 schrieb Rob Sargent : > >  >>Caused by: java.lang.IllegalArgumentException: No SSLHostConfig >> element was found with the hostName [_default_] to match the >> defaultSSLHostConfigName for the connector [https-jsse-nio-9443] >> > The ssl-Options are

Re: Running as user tomcat

2018-02-23 Thread Peter@Kreuser-Online
Hi Chris, > Am 23.02.2018 um 18:36 schrieb Cheltenham, Chris > : > > Hello All, > > I am trying to run tomcat as a non root user. > > It will start as the tomcat user but it will not bind to connector 443 unless > it starts as root. > > Does anyone know

Re: Connection closed error and certificateVerification="required"

2018-04-19 Thread Peter@Kreuser-Online
Mark, >> Am 18.04.2018 um 11:55 schrieb Mark Thomas : >> >> On 18/04/18 10:36, Richard Tearle wrote: >> On 17 April 2018 at 16:45, Richard Tearle >> wrote: >>> On 17 April 2018 at 14:54, Mark Thomas wrote: > On 17/04/18

Re: [EXTERNAL] Re: tomcat Finding!

2018-12-19 Thread Peter@Kreuser-Online
Danyaal, > Am 18.12.2018 um 21:15 schrieb > : > > Added following to the Server.xml, still showing in the latest scan. > > showReport=false" showServerInfo="false" /> > > Thank you, > Danyaal > > -Original Message- > From: John Palmer [mailto:johnpalm...@gmail.com] > Sent:

Re: Http insecure headers

2019-03-05 Thread Peter@Kreuser-Online
t;> i searched and found that need to add express filters in web config but >> >>>>> not >> >>>>> sure on where to add in filters. >> >>>>> >> >>>>> can you please guide me on same? >> >>>>> >> >>

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

2019-03-19 Thread Peter@Kreuser-Online
Oh, and yes I’ve heard about them and used the RSA version! Peter > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

2019-03-19 Thread Peter@Kreuser-Online
Hi James, > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM JSSE cipher lists for Java 8. > Most certainly only

Re: Question regarding mitigating the CVE-2017-12617 vulnerability

2019-02-13 Thread Peter@Kreuser-Online
Michael, > Am 13.02.2019 um 22:03 schrieb Adams, Michael : > > Christopher, > Thanks for your input. It was very helpful. This afternoon, my > InfoSecurity technician who runs the Tripwire app believes Apache Tomcat vs > 8.5.13 is being flagged for the CVE-2017-12617 vulnerability solely

Re: Http insecure headers

2019-02-19 Thread Peter@Kreuser-Online
Hi Nitin, Per se this can be done by enabling the org.apache.catalina.filters.HttpHeaderSecurityFilter in the global or your webapp‘s web.xml For CSP you should write your own Filter. Beware though that Content Security Policy is nothing that can be enabled without application knowhow, the

Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

2019-04-16 Thread Peter@Kreuser-Online
Hi Gary, see way below inline... > Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor > : > > Luis: > > Thanks for your input. I put the following into > conf/logging.properties and add debug="99" in the Realm definition so I > can see more Realm logging