SSL inconsistency

2016-07-14 Thread i...@flyingfischer.ch
While testing locally the new 8.5 branch, I did experience some inconsistency with self-signed SSL certs. I did manage to resolve them by installing Tomcat-Native library / APR, but maybe it is still worth reporting in regard of the different behaviour for the same cert, between Tomcat

Re: java

2016-07-18 Thread i...@flyingfischer.ch
On 18.07.2016 at 17:14, Sanka, Ambica wrote: Steffen, Is it also possible to test your stuff with jdk1.8.0_51 so that we will know something must be wrong with security in jdk1.8.0_51? Appreciate your help Ambica. You may want to follow the changes in

Re: Access to source IP address during authentication and authorization

2017-08-08 Thread i...@flyingfischer.ch
On 08.08.2017 at 14:05, Christopher Schultz wrote: > All, > > In spite of my (somewhat) recent work on the CredentialHandlers, I > haven't been using Tomcat's container-provider authentication and > authorization for over a decade. This is because I need access to the > user's source IP address

Re: Apache Struts

2017-09-14 Thread i...@flyingfischer.ch
On 14.09.2017 at 18:38, Small, Wayne H wrote: > All, > A question for the forum: Does TomCat 8.5.13 use Apache Struts or the Rest > plugin? > > > Wayne Small > Software Engineer Sr. > Lockheed Martin > Clearwater Manufacturing Facility > 3655 Tampa Road > Oldsmar, FL. 34677 > 813-854-7305 -

Re: URL-encoding and "#"

2017-10-13 Thread i...@flyingfischer.ch
On 13.10.2017 at 12:48, Alex O'Ree wrote: > Well that explains a lot. Similar issue for me. With url encoding, tomcat > is dropping back slash and the plus symbol. While I think it is perfectly eligible to strive for a most perfect alignment with standards and specs, I think Tomcat should

Re: URL-encoding and "#"

2017-10-13 Thread i...@flyingfischer.ch
On 13.10.2017 at 09:01, Mark Thomas wrote: > From memory, # isn't one of the allowed exceptions. > > The full list of invalid characters in the request line that Tomcat > started to check for is: > ' ', '\"', '#', '<', '>', '\\', '^', '`', '{', '|', '}' > > The allowed exceptions are (currently)

Re: Apache Struts 2 Vulnerability in Tomcat 7.x

2017-09-08 Thread i...@flyingfischer.ch
On 08.09.2017 at 10:59, Billy Aung Myint wrote: > Hi Everyone, > > May I know if Tomcat 7.x version is affected by the Apache Struts 2 > vulnerability? > I mean does Tomcat use any of the Struts' libraries or such in any part of > the Tomcat? > > Thanks! > Tomcat is affected by Tomcat

Re: TLD scanning performance question

2017-10-25 Thread i...@flyingfischer.ch
> > Yes, it's the SecureRandom initialization that is killing you. Being a > virtual server, it likely has no direct source of true randomness so > it needs to pull from whatever the hypervisor is willing to provide. > > You'll need to ask your virtualization vendor for how to get access to >

relaxedPathChars / relaxedQueryChars XML

2018-05-10 Thread i...@flyingfischer.ch
Thanks for the two new configurable options relaxedPathChars and relaxedQueryChars. https://bz.apache.org/bugzilla/show_bug.cgi?id=62273 However, since these two elements will be nested in server.xml, adding "<>" will result in an invalid XML and a failing reboot of tomcat. The instructions

Re: Am I reinventing the wheel to get letsencrypt certs for Tomcat

2017-10-27 Thread i...@flyingfischer.ch
On 27.10.2017 at 15:29, André Warnier (tomcat) wrote: > On 27.10.2017 15:05, Don Flinn wrote: >> Hi Andre, >> >> I have looked and it may be my ignorance but I didn't find any that >> seemed >> to fit.  I'll look more closely at the available letsencrypt clients. > > It is certainly more my own

Re: mod_jk: Forwarding URLs containing escaped slashes (e.g. for REST services) fail with syntactical-wrong double-escaping

2018-06-20 Thread i...@flyingfischer.ch
> Hi all, > > I have problems to pass (REST-) URLs containing escaped slashes ('%2F') in > path elements using the Apache httpd and mod_jk to the application server > (in fact not Tomcat, but WildFly. But this is of no matter, here). > > This kind of URL may be accepted by the httpd using

Re: Wrong content-type for CSS files since 8.5.37 / 9.0.14

2018-12-27 Thread i...@flyingfischer.ch
On 27.12.18 at 21:34, Rémy Maucherat wrote: > On Thu, Dec 27, 2018 at 9:30 PM Mark Thomas wrote: > >> On December 26, 2018 9:49:00 PM UTC, "i...@flyingfischer.ch" < >> i...@flyingfischer.ch> wrote: >>> Tomcat versions 8.5.37 and 9.0.14 seem

Wrong content-type for CSS files since 8.5.37 / 9.0.14

2018-12-26 Thread i...@flyingfischer.ch
Tomcat versions 8.5.37 and 9.0.14 seem to serve CSS files embedded in a webapp as content-type: text/html;charset=UTF-8 instead of content-type: text/css;charset=UTF-8 This causes the browser (FF) not to interpret the CSS. I suspect the listed change in changelog of 8.5.36: "The default

Re: Tomcat memory growth while using TLS

2019-01-12 Thread i...@flyingfischer.ch
On 11.01.19 at 18:23, Mark Thomas wrote: > Found it. > > The leak impacted NIO and NIO2 when used with OpenSSL. > > The bug is in Tomcat Native. I have a fix that I am currently testing. > That fix should be in the next Tomcat Native release. > > For those interested in the technical details,

Re: Tomcat memory growth while using TLS

2019-01-09 Thread i...@flyingfischer.ch
On 09.01.19 at 11:14, Mark Thomas wrote: > On 08/01/2019 23:51, Mason Meier wrote: >> Hello, >> >> I'm running Tomcat-8.5 with TLS and I've noticed substantial memory growth >> with requests over time, to the point that if I run Tomcat in Docker and >> make constant requests to it, Docker will

Re: Tomcat 9 Nio2+OpenSSL problem (very likely a bug)

2019-03-18 Thread i...@flyingfischer.ch
On 18.03.19 at 16:43, Igor T wrote: >> Since 9.0.12 and 16 do the same, I wouldn't look at that at all. Something >> simple like this works in the general case, there must be something >> specific here. So it's Windows, which some unspecified OpenSSL version. >> >> Rémy > That's not right. After

Re: Massive Startup Time after Server Reboot

2019-05-18 Thread i...@flyingfischer.ch
Try

apt-get install haveged
update-rc.d haveged defaults

This increases the system entropy for random generation and reduces boot time for Tomcat considerably.

Markus

On 18.05.19 at 22:18, Rainer Jung wrote: > Most likely it hangs waiting for enough entropy for random number > generator

Re: Massive Startup Time after Server Reboot

2019-05-18 Thread i...@flyingfischer.ch
Sorry, you seem to be lost on a Windows Server... ...haveged won't help you in this situation. Markus On 18.05.19 at 23:39, i...@flyingfischer.ch wrote: > Try > > apt-get install haveged > update-rc.d haveged defaults > > This increases the system entropy for random gene

Re: [ANN] Apache Tomcat 9.0.24 available

2019-08-19 Thread i...@flyingfischer.ch
On 19.08.19 at 19:43, i...@flyingfischer.ch wrote: > On 19.08.19 at 10:00, Mark Thomas wrote: >> The Apache Tomcat team announces the immediate availability of Apache >> Tomcat 9.0.24. >> >> Apache Tomcat 9 is an open source software implementation of the Java >>

Re: [ANN] Apache Tomcat 9.0.24 available

2019-08-19 Thread i...@flyingfischer.ch
On 19.08.19 at 10:00, Mark Thomas wrote: > The Apache Tomcat team announces the immediate availability of Apache > Tomcat 9.0.24. > > Apache Tomcat 9 is an open source software implementation of the Java > Servlet, JavaServer Pages, Java Unified Expression Language, Java > WebSocket and JASPIC

Bug with Tomcat-8.5 and Apache Commons FileUpload

2019-09-30 Thread i...@flyingfischer.ch
I stumbled over a new problem which very likely appeared after apache-tomcat-8.5.43 and between apache-tomcat-8.5.46 Using Apache Commons FileUpload gives for some kind of PDF files: [https-openssl-apr-443-exec-15] org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest Failed to

Re: Bug with Tomcat-8.5 and Apache Commons FileUpload

2019-09-30 Thread i...@flyingfischer.ch
thresholds as well. If you have a reproducible test case, > enabling debug for http2 in logging.properties should shed some light on > exactly what is going on. > > Mark > > > On 30/09/2019 17:48, i...@flyingfischer.ch wrote: >> I stumbled over a new problem which very li

HttpClient 5.0 / Apache Tomcat

2019-09-27 Thread i...@flyingfischer.ch
In case anybody with advanced Docker skills is interested to help improve compatibility tests between HttpClient 5.0 and Apache Tomcat: http://mail-archives.apache.org/mod_mbox/hc-dev/201909.mbox/%3C0d30be42ab3743b48fd73122a4421d11d301761b.camel%40apache.org%3E Best Markus

Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-23 Thread i...@flyingfischer.ch
After updating to Tomcat 8.5.49 starting TC on daemon fails with:

java.lang.StringIndexOutOfBoundsException: String index out of range: 0
    at java.base/java.lang.StringLatin1.charAt(StringLatin1.java:48)
    at java.base/java.lang.String.charAt(String.java:709)
    at

Re: Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-23 Thread i...@flyingfischer.ch
r-1-config --with-java-home=$JAVA_HOME --with-ssl=yes --prefix=/usr/share/tomcat8/$newVersion) Markus On 23.11.19 at 11:37, Mark Thomas wrote: > On 23/11/2019 09:43, i...@flyingfischer.ch wrote: >> After updating to Tomcat 8.5.49 starting TC on daemon fails with: >> >> java.lang.

Re: Jakarta EE 9

2019-10-28 Thread i...@flyingfischer.ch
On 28.10.19 at 15:39, Mark Thomas wrote >> If this is going to be disruptive and we cannot maintain compat, why >> not >> go the extra step and explicitly move Tomcat code to >> org.apache.tomcat.* >> for Tomcat 10? Git renames will work flawlessly for backports. > It will break things for

Re: Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-24 Thread i...@flyingfischer.ch
> On 23/11/2019 15:38, i...@flyingfischer.ch wrote: >> openjdk version "13.0.1" 2019-10-15 >> OpenJDK Runtime Environment Zulu13.28+11-CA (build 13.0.1+10-MTS) >> OpenJDK 64-Bit Server VM Zulu13.28+11-CA (build 13.0.1+10-MTS, mixed >> mode, sharing) > And how

Re: Tomcat 8.5.48: java.lang.StringIndexOutOfBoundsException

2019-11-24 Thread i...@flyingfischer.ch
rting the addition of " in daemon.sh > made in this commit: > https://markmail.org/message/ouaatfznmjbrva23 > > I'll get this fixed for the next release. The November release was > fairly late. The December one should (hopefully) be nearer the beginning > of the mont

Re: Tomcat won't use TLSv1.2

2020-03-05 Thread i...@flyingfischer.ch
On 05.03.20 at 23:10, rugman66 . wrote: > On Thu, Mar 5, 2020 at 10:44 AM i...@flyingfischer.ch > wrote: >> Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all >> +TLSv1.2". >> >> Had this issue too. The connector parameter

Re: Tomcat won't use TLSv1.2

2020-03-06 Thread i...@flyingfischer.ch
On 06.03.20 at 15:41, Christopher Schultz wrote: > Markus, > > On 3/5/20 13:44, i...@flyingfischer.ch wrote: > > Try SSLProtocol="TLSv1.2" (mind the case) instead of > > sslProtocol="-all +TLSv1.2". > > This is correct when using either OpenSSL o

Re: secureRandom... using [SHA1PRNG] ..took (up to) 20 minutes

2019-12-30 Thread i...@flyingfischer.ch
apt-get install haveged
update-rc.d haveged defaults

Increases entropy pool and therefore reduces start up time for Tomcat.

Markus

On 30.12.19 at 11:22, Rainer Jung wrote: > It depends a bit on the major Java version you are using, but have a > look at this page: > >

Re: Tomcat won't use TLSv1.2

2020-03-05 Thread i...@flyingfischer.ch
Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all +TLSv1.2". Had this issue too. The connector parameters for SSL are a huge mess and have been changed constantly. Best Markus On 05.03.20 at 19:30, rugman66 . wrote: > Hello, > > > > I have both Apache and Tomcat running on