Re: Tomcat APR / openssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jennifer, On 10/9/17 10:22 AM, Wang, Jennifer wrote: > I am looking openssl's SSL_CTX_set_psk_server_callback in APR & > did not found it. Just wonder if there is way to set it. We need to > use TLS-PSK. I don't believe there is an easy way to use Tomcat with a PSK-based TLS cipher suite. Why not use RSA with a client-certificate if you want two-way authentication? - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJRBAEBCAA7FiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnb5SQdHGNocmlzQGNo cmlzdG9waGVyc2NodWx0ei5uZXQACgkQHPApP6U8pFgwwQ/+JUc5+GjSPj5geBUh QEGLd5+7wJSb48rZ1dLXrMPDkHms9js/osGnwLKF6R0ypJHkIcHnq380ZpMREPgZ YVHTEcoWSoeUAmN+xavJAaaTyiRtE3al3IuHMegiEq/ld95EaJ1kKAxup8kH/rIs s46Z3fpaho6auxPNXtAxYbCQ/SOjgHmC2v6ZJsJKJRrI/QotEWlOISaxgo4oJk5X DVfzEaIplFx74WR+jpXyQJFGI19BI93bCSPgy4Niqk9wJb3Wv3XuEoolyoZkL5yC QuaoUAIqFGuNqRR+WbjYH7kNjRv+HtmY+fhZCk2YnmUDytg2xj+MPOXIDdKACJQv Nlns4KhLU2AtXTTluO+nLEfbl9r9OtTMuVqDl0+Sbl2gest2JipY4Zgm7h7+r83h a77Ct0EDGomDhUkqrvfvRE6so0KO5uga9sj8kGulmA5EiPK3/tOrseJ1ZDMnvCfH 8+ev/oHqjAjFOojCX5u+omZ4RNsx+Va7/RMJCbfUcpB4HjrX1MDIIlsmq2egi6Rg DJA3g1+GkwCS2Ul2EehuZmo5Lez3oamIDksJ04GyMUbyx5QBS4JJqGR5KGIE9+nM M51t932+ioFxgEndTYBUedftiDGvEGBH8Wy7yUhpXtrPmg5SF6Izih7n9OyBlATr X4SHzGl7BNeWxRvf33hbH1T+ToE= =nDIg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat APR / openssl
NONCONFIDENTIAL // EXTERNAL Hi I am looking openssl's SSL_CTX_set_psk_server_callback in APR & did not found it. Just wonder if there is way to set it. We need to use TLS-PSK. Thanks! Jennifer
Tomcat APR / openssl
NONCONFIDENTIAL // EXTERNAL Hi I am looking openssl's SSL_CTX_set_psk_server_callback in APR & did not found it. Just wonder if there is way to set it. We need to use TLS-PSK. Thanks! Jennifer
Re: tomcat apr openssl logging
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeremy, On 4/30/13 5:23 PM, Christopher Schultz wrote: Jeremy, On 4/30/13 1:47 PM, Jeremy Bowers wrote: How do I go about setting up server side logging to gain more detailed information about ssl connections when using tomcat with apache tomcat native, apr, and openssl for https? Can you explain in a little more detail? Do you want something other than what AccessLogValve[1] can provide? You can learn a lot from the standard request attributes that the servlet spec mandates[2] such as javax.servlet.request.cipher_suite, javax.servlet.request.key_size, etc. What kind of information are you looking for specifically? -chris [1] https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Access_Log_Valve [2] See Servlet Spec 3.0, Section 3.8 Perhaps your lack of results stems from the lack of follow-ups? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRgqKZAAoJEBzwKT+lPKRYqAcP/0tW5W2g0nYo4RgdVJzBOzeH R/JNg4UCzcdOzfJ1Fw961/zo08t5UJxxqtdvjzC5FARfUFWxrP+Jiu6XKSR1FWL7 UgnF22mW5ExRvOkbHQExc1E20rfijalNeigRLq4CKkrwTW49x8R1IPXPgbmxFkj3 M/0ESuoWj4iMf8QnnGuzrWFwk3FUMJfjg0pHradhq7OX4Dci21GOXrFFZmc9DgFB SxywrUawQKcFIAsvb4UGgnENdMDN4SN2g3yLgsS5+5OWc0lEoqAsavOR/jYp3Dre c/IJpGitX1fpgdT/4E7WXcJVs0vGIU0el978TpsP5mxIvEmPiNwRZxP+gHc8HTc2 RpLDopriBXuSXG9ZBYiyr8wauVznkUZIfU0mKojc66o9FksF6wsV1wJp9KwO+V2w NyjlrG4JVEEuqaaAOVnkEEYg07FKx2c2P3k++disWYSlS/EVP5YgIdOSOWgGNWyp LcsGTnlWcx9bmwY5vDvsf4h2qyB3pjk9OL224N3bTqWhoJX+IHoTGlpKmB701/g8 VCUalzcLk7BH9+nNoLj5FkY1idinHBXLsFlLHNsBneuNzCJD6WI8gCbz7UZkDRm0 feDNiMhH4rXCeVe586JV5TqH+N93BUOSu4pB3rnheTYpeWuw2BO4Z8r+xybveTvd WrUN7w+TUdH1h7UVhmGK =JIej -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat apr openssl logging
My searches for the answer to this question have so far not turned up a solution. I've found others asking the same question but the only non-answers I've found are to utilize a full apache httpd server or go back to jsse for logging. If this has been answered before, I sincerely apologize, but my search terms haven't found an answer as of yet. I'm hoping someone on here can help: How do I go about setting up server side logging to gain more detailed information about ssl connections when using tomcat with apache tomcat native, apr, and openssl for https? Thanks! -Jeremy
RE: tomcat apr openssl logging
Jeremy, I've been down the same road and never found any acceptable logging solution within the APR. Every APR/OpenSSL issue we've had over the last 3 years has been resolved using WireShark. Wireshark is indispensable. Steve -Original Message- From: users-return-241544-STEVEN.J.ADAMUS=saic@tomcat.apache.org [mailto:users-return-241544-STEVEN.J.ADAMUS=saic@tomcat.apache.org] On Behalf Of Jeremy Bowers Sent: Tuesday, April 30, 2013 10:47 AM To: users@tomcat.apache.org Subject: tomcat apr openssl logging My searches for the answer to this question have so far not turned up a solution. I've found others asking the same question but the only non-answers I've found are to utilize a full apache httpd server or go back to jsse for logging. If this has been answered before, I sincerely apologize, but my search terms haven't found an answer as of yet. I'm hoping someone on here can help: How do I go about setting up server side logging to gain more detailed information about ssl connections when using tomcat with apache tomcat native, apr, and openssl for https? Thanks! -Jeremy - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat apr openssl logging
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeremy, On 4/30/13 1:47 PM, Jeremy Bowers wrote: How do I go about setting up server side logging to gain more detailed information about ssl connections when using tomcat with apache tomcat native, apr, and openssl for https? Can you explain in a little more detail? Do you want something other than what AccessLogValve[1] can provide? You can learn a lot from the standard request attributes that the servlet spec mandates[2] such as javax.servlet.request.cipher_suite, javax.servlet.request.key_size, etc. What kind of information are you looking for specifically? - -chris [1] https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Access_Log_Valve [2] See Servlet Spec 3.0, Section 3.8 -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJRgDZqAAoJEBzwKT+lPKRYmncP+wUidTM08lHoTLWz1mIddGPv e6IdOGw6iet8sjRCU2vBcV414aZMqafJCfoZLmemAtj1KfUpR85sCiF06fTPq9Q+ g1SrXGGHJPu6VQL9FlYi2yJoMLL1VCayjhRgnIKStqi2kgdhdaGE9AaMa/SKbNOM zNa3COy35M4TcmsCKPuI/oEsgEG7oLk8dOimh8FAHKc/pdOhvamfFmXH9mXakIpE ShUVFKFCewTRILjEYoCh1GU7++Rs89BPVKS6UKy4c4tAYVB87ev6pZFwPs2UsAjb 7StW9lrxDQdMvsKDY5iuR0prcpiTQaK+EV+SODC4rFygPKMmyMWnNS3Qx09AcBO5 TzWBr9hSjeyNMAypogIUXZ1L0u4uTm/owCjagr8NXixfdeOIDvAdiifRlrTjVAQQ eu8XpkzTNMpDbdD43d60186hY7yyMF3o5fFxuYb2A5J6SETV5NU7ORjwR6fStsmU 6IId38lZcrhxyA8HE2q2/0v/r7MEwOPxKEPxysSnKwxvEjcWW6Z1oEDnNiM/pw6t RkDUNTMQaJBWhOkNwcuZiGy7JM5DqZDB1tltbNSFgDcbFFXjG3AWnkY4qldP765K lPEsrwZVfGxVnTZf6fYMNQhYFNEnjFu5Q2BbqXT+hOkRrLn/r9LH2h/8SpCvDkGd A46SO3D5/pc/kjsR4/cc =KLRM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org