Mary,
have a look here: http://tomcat.apache.org/whichversion.html
Tomcat 5.5 was first released about 10 years ago, and the last modification to it was in 2012.
The current "stable" version is Tomcat 8.5.5.

For Open Source and free software such as Apache Tomcat, that means that your chances of getting support and help for such an old version are really not good, because most of the people who would be able to help you probably do not run that version anywhere anymore.
Even the documentation is not directly available on-line anymore.

Regarding your particular issue, it is even possible that the requirement which you are mentioning is younger than Tomcat 5.5 and cannot be met by such an old software version. It is even likely that, considering the age of your Tomcat and the age of the Java JVM it is probably running under, there are a whole lot of other security issues with your server, which make it impossible to make it "secure as the government requires".

What I am saying is that you are probably wasting your time, and ultimately your employer's time, with this approach.

You seem to mention below that you are using Tomcat "with IIS". Maybe this IIS is a front-end to Tomcat, and users access Tomcat always through IIS. If so, then as long as the connection between IIS and Tomcat is secure (e.g. they run on the same host), then you should probably take care of the SSL/HTTPS (and header) aspect on the IIS front-end. That is, if you /really/ cannot upgrade Tomcat and if your applications /really/ do not run under a newer version of Tomcat and Java.


On 14.09.2016 20:49, Pham, Mary (NIH/OD/ORS) [E] wrote:
Hi Daniel,

A newbie has to learn on an outdated system! We can't upgrade due to dependency of apps and forms, that's what I've learned.
Thank you for the link. To be honest I do not know what to do yet. I've checked and seen several web.xml files, in different directories... Some I think are original, some have been modified.

Regards,

-Mary

-----Original Message-----
From: Daniel Küppers [mailto:dan...@tetralog.com]
Sent: Wednesday, September 14, 2016 11:17 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Apache TomCat 5.5


Hello everyone,

As a newbie to Apache: we have been using one of the old Apache Tomcat versions on Windows Server 2008 R2, IIS 7. After we purchased and installed the SSL certificate, we need to apply a header directive in Apache, "Strict-Transport-Security", so that our web site would be secured as the Government required. My question is where can I insert this line? In which file, and where, in Apache Tomcat 5.5, JDK 8 update 102? Is it in the same server.xml file where we modified the connector for SSL?
Looking forward to your support.

Regards,


Mary Pham
Information Technology Specialist
National Institutes of Health Library
Division of Library Services
Office of Research Services
10 Center Drive, Room 1L07, MSC 1150
Bethesda, MD 20892-1150
T. 301.496.1506
maryp...@mail.nih.gov

Hello Mary,

you are using a quite outdated Tomcat. A quick googling brought me to Stack Overflow, which might solve the problem for your Tomcat 5.5. The easiest way possible is to add a filter to your webapp and apply the HSTS header in the response. You can make use of the built-in HSTS support, if it's possible to upgrade your Tomcat to a recent version.
Related SO-Question:
http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat

Best regards,

Daniel

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
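
The webapp filter suggested in the thread, written out as an added example (it is not code from any of the posters or from the Tomcat project). It uses only the Servlet 2.4 API that Tomcat 5.5 implements; the class name, package, init-param names and the one-year default are assumptions of this example.

```java
package example.hsts; // hypothetical package name

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Register in the webapp's WEB-INF/web.xml (Servlet 2.4 syntax):
//   <filter><filter-name>hsts</filter-name>
//           <filter-class>example.hsts.HstsFilter</filter-class></filter>
//   <filter-mapping><filter-name>hsts</filter-name>
//           <url-pattern>/*</url-pattern></filter-mapping>
public class HstsFilter implements Filter {
    private String headerValue;

    public void init(FilterConfig cfg) throws ServletException {
        // "maxAgeSeconds" and "includeSubDomains" are this example's own param names.
        String raw = cfg.getInitParameter("maxAgeSeconds");
        long seconds;
        try {
            seconds = (raw == null) ? 31536000L : Long.parseLong(raw.trim()); // default: 1 year
        } catch (NumberFormatException e) {
            throw new ServletException("maxAgeSeconds is not a number: " + raw);
        }
        if (seconds < 0) {
            throw new ServletException("maxAgeSeconds must not be negative");
        }
        StringBuilder v = new StringBuilder("max-age=").append(seconds);
        if ("true".equalsIgnoreCase(cfg.getInitParameter("includeSubDomains"))) {
            v.append("; includeSubDomains");
        }
        headerValue = v.toString();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // RFC 6797: the header belongs only on responses delivered over TLS.
        // Set it before the chain runs, while the response is still uncommitted.
        if (req.isSecure() && res instanceof HttpServletResponse) {
            ((HttpServletResponse) res).setHeader("Strict-Transport-Security", headerValue);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

If TLS ends at a front-end such as IIS and Tomcat sees the request as non-secure, `isSecure()` returns false and the filter adds nothing; in that layout the header has to be set on the front-end, as the top reply in this thread recommends.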

