TLS Fallback SCSV - Tomcat 7.0.x

Dear Team, The tomcat version is apache-tomcat-7.0.11 in Windows 32 bit OS. Please suggest us configuration for disabling SSLv3 and support for TLS Fallback SCSV for legacy clients(example - IE6 users where there is no TLS protocol). R

Re: Tomcat 8: NPE in InternalNioOutputBuffer.java:234

On Tue, Dec 2, 2014 at 3:02 PM, Mark Thomas wrote: > On 02/12/2014 22:40, Mark Kolich wrote: > > On Tue, Dec 2, 2014 at 2:04 PM, Mark Thomas wrote: > > > >> On 02/12/2014 20:41, Mark Kolich wrote: > >> > > > https://issues.apache.org/bugzilla/show_bug.cgi?id=57252 is what got me > looking at

Re: Tomcat 8: NPE in InternalNioOutputBuffer.java:234

On 02/12/2014 22:40, Mark Kolich wrote: > On Tue, Dec 2, 2014 at 2:04 PM, Mark Thomas wrote: > >> On 02/12/2014 20:41, Mark Kolich wrote: >> >> >> >>> If you have any thoughts on what I'm doing wrong, or if you can confirm >>> this is a legit bug, I'd be grateful for your input. >> >> There are

Re: Tomcat 8: NPE in InternalNioOutputBuffer.java:234

On Tue, Dec 2, 2014 at 2:04 PM, Mark Thomas wrote: > On 02/12/2014 20:41, Mark Kolich wrote: > > > > > If you have any thoughts on what I'm doing wrong, or if you can confirm > > this is a legit bug, I'd be grateful for your input. > > There are known concurrency issues if you set an error statu

Re: throttle filter

On Tue, Dec 2, 2014 at 4:08 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Chris, > > On 12/2/14 4:28 PM, Chris Gamache wrote: > > Anyone ever suggested? No idea. But I'd be glad to riff on the > > subject in case it shakes so

Re: throttle filter

On Tue, Dec 2, 2014 at 3:28 PM, Chris Gamache wrote: > You could probably be more sophisticated in your > throttling, letting certain IPs or requests through while tarpitting > others. > > I was thinking about how, from my perspective, I see developers wanting to throttle back the number of reque

Re: throttle filter

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 12/2/14 4:28 PM, Chris Gamache wrote: > Anyone ever suggested? No idea. But I'd be glad to riff on the > subject in case it shakes some discussion loose. > > I haven't seen a filter like that, but I'm sure you could work it > out. If I we

Re: Tomcat 8: NPE in InternalNioOutputBuffer.java:234

On 02/12/2014 20:41, Mark Kolich wrote: > If you have any thoughts on what I'm doing wrong, or if you can confirm > this is a legit bug, I'd be grateful for your input. There are known concurrency issues if you set an error status on a non-container thread. I'm literally in the middle of fixing

Re: CloseReason 1002

Ok more information it was not the back to back writes that are done on the client side, I have a bytebuffer message that is 23,000 bytes and thats where the error with code 1002 happens sometimes not 100% of the time about 2 out of 5 times. However an 800 byte message in a bytebuffer has no proble

Re: Newbie question re certificates

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andrew, On 12/2/14 8:09 AM, Andrew Gronosky wrote: > > On 2014-12-02 04:55, John Dunn wrote: >> I have been asked the following question during an audit, which >> I personally don't understand. >> >> "When using Mutually authenticated TLS is auth

Re: throttle filter

Anyone ever suggested? No idea. But I'd be glad to riff on the subject in case it shakes some discussion loose. I haven't seen a filter like that, but I'm sure you could work it out. If I were implementing it I would use a Valve... Valves are easy to write- just extend org.apache.catalina.valves.V

Re: CloseReason 1002

No luck try to find a blocking call or having the websocket server reader go off into another thread. so basically no way around this problem it seems? On Tue, Dec 2, 2014 at 9:19 AM, Mark Thomas wrote: > On 02/12/2014 13:05, Jason Ricles wrote: >> Mark, >> >> Is there any way to do two back to b

Tomcat 8: NPE in InternalNioOutputBuffer.java:234

Hi there, One of my applications is facing a pesky issue in Tomcat 8.0.15 dealing with an NPE at InternalNioOutputBuffer.java:234. I searched Bugzilla and the lists, but didn't find anything that matched the NPE stack exactly. Maybe I missed it. Before I file a bug, I wanted to check here first

Re: tomcat7-maven-plugin and mail

Unless you're doing something unconventional, it shouldn't be painful. We may getting off-topic, but if you would like to post your project pom and any parents, I'll take a peek and see if there's anything that leaps out at me. My gut says your build is omitting dependencies that Maven expects to

throttle filter

Has anyone ever suggested a configurable throttle filter as one of the container provided filters in Tomcat? Or are people generally using the attributes in the HTPP connector for limiting requests to the server for a given amount of time? leo

Re: CloseReason 1002

On 02/12/2014 13:05, Jason Ricles wrote: > Mark, > > Is there any way to do two back to back writes to a websocket with a > sort of blocking technique, and without using a sleep? Use one of the blocking methods (i.e. one without a Future or SendHandler). A variation way is to call setBatchingAll

Re: Newbie question re certificates

On 2014-12-02 08:09, Andrew Gronosky wrote: As I discovered yesterday, if you have a client cert that is signed by a CA that Tomcat trusts, but whose name (synonymously, CN) does not map to a recognized user, then you will connect to Tomcat but get an HTTP 401 error as your response. If the

Re: Newbie question re certificates

On 2014-12-02 04:55, John Dunn wrote: I have been asked the following question during an audit, which I personally don't understand. "When using Mutually authenticated TLS is authorisation based on the certificate name(and not just on the root CA)?" Can anyone clarify what exactly this mean

Re: CloseReason 1002

Mark, Is there any way to do two back to back writes to a websocket with a sort of blocking technique, and without using a sleep? On Mon, Dec 1, 2014 at 3:13 PM, Mark Thomas wrote: > On 01/12/2014 18:30, Jason Ricles wrote: >> What might be causing this error on concurrent writes in a websocket,

Newbie question re certificates

I have been asked the following question during an audit, which I personally don't understand. "When using Mutually authenticated TLS is authorisation based on the certificate name(and not just on the root CA)?" Can anyone clarify what exactly this means and whether Tomcat supports this? Chee

Re: tomcat7-maven-plugin and mail

What you wrote as a set of suggestions was my original attempt. Then I read (possibly spuriously) that Tomcat ignored either mailx or activation when shipped inside a WAR, and that if both Tomcat (via it's lib/) and the WAR contained either of those then the duplicate JAR would result in an error.

META-INF/context.xml and deploy issue

Hello, I'm facing an issue with tomcat 6. In order to setup a JDNI, we added a context.xml file to our application (XWiki) in the already-deployed folder webapps/xwiki/META-INF/ and configured the existing webapps/xwiki/WEB-INF/web.xml accordingly. update of web.xml triggered the app reload which