Hi,
Here is the Connector configuration:
I use wrk, the currentThreadsBusy is higher than the value in ab testing,
but most of time is less than 40.
./wrk -t100 -c 100 -d 10s http://10.211.55.4:8080/
For APR connector, will it get one thread from the poll to deal with each
request?
2017
Hi,
if anybody else is hitting this:
This commit seems to have broken the Spring when running under Tomcat
with unpackWARs=false -
https://github.com/apache/tomcat80/commit/7e767cc6efe79cdd367213da3c1f88711a29ad7a#diff-a72fb99b0729353084d2c437f749e718
I did open a Jira Bug report against
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Durga,
On 3/8/17 10:02 AM, Durga Srinivasu Karuturi wrote:
> We are using JSSE only not APR. Looking for handshake failures.
>
> Yes, using JSSE SSL debug, we are able to get all handshake
> (-Djavax.net.debug=ssl:handshake) logs including success
Here are my versions of these test files:
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You un
Chris,
We are using JSSE only not APR. Looking for handshake failures.
Yes, using JSSE SSL debug, we are able to get all handshake
(-Djavax.net.debug=ssl:handshake) logs including success cases. These are
still quite bit expense logs and meant for debug purposes. As you said it
might impact perfo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Linbo,
On 3/7/17 10:14 PM, linbo liao wrote:
> I setup local environment to test Tomcat monitor.
>
> The Environment:
>
> Tomcat: 8.5.5 VM: Ubuntu 14.04.1 LTS HTTP PORT: 8080 IP:
> 10.211.55.4
>
> Tomcat use APR connector, I test the tomcat via a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Durga,
On 3/8/17 9:29 AM, Durga Srinivasu Karuturi wrote:
> We have a requirement in our application to log all TLS session
> failures.
Specifically, what kind of failures? Failed handshakes? Initial or
re-negotiation? Are you using JSSE or APR? If
Our production usage also has same phenomenon that my "currentThreadsBusy"
always not high (3-5), but my "currentThreadCount" will go to 200-300
sometimes. I know that at some busy time, more threads will be created, so the
thread pool get high, but at the same time, the busy threads will also
Hi,
We have a requirement in our application to log all TLS session failures.
We are using Tomcat 8.5.11 using JSSE for SSL layer. Is there any way to
configure tomcat to log/trace any TLS Failure on tomcat sessions?
Thanks,
Durga Srinivasu
Hello, and sorry for top-posting, I don't know how to configure Outlook to do
it differently.
I was finally able to run your test. I had a lot of trouble doing it:
* did not have SVN, downloaded TortoiseSVN
* tried to open the project in IDEA, but failed miserably, I really hope that
there was p
Hi All
I owe an apology, sorry.
Although I'd removed all apps I hadn't removed the instrumentation settings
from start up. With these removed the issue has gone away.
Thanks for the support
Mark
-Original Message-
From: Pritchett, Mark S. (CONT)
Sent: 08 March 2017 13:29
To: Tomcat Use
Linbo,
"currentThreadsBusy" is number of busy threads. These are the threads
are being actively use. If you are seeing this count > 0 for long
time(depending on your application type), then most likely you have
"hung thread". In that case thread dump analysis will show you root of
the problem.
"c
Hi Mark
The problem remains if I remove all the webapps except ROOT.
Regards
Mark
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: 08 March 2017 13:23
To: Tomcat Users List
Subject: Re: httpOnly issue
On 08/03/17 12:53, Pritchett, Mark S. (CONT) wrote:
> Hi All
>
On 08/03/17 12:53, Pritchett, Mark S. (CONT) wrote:
> Hi All
>
> My first posting.
>
> Server version: Apache Tomcat/7.0.67
> JVM Version:1.7.0_131-mockbuild_2017_02_07_02_15-b00
>
> A vulnerability scan has shown that tomcat doesn't apply httpOnly to come
> cookies.
> I need to determine i
Hi All
My first posting.
Server version: Apache Tomcat/7.0.67
JVM Version:1.7.0_131-mockbuild_2017_02_07_02_15-b00
A vulnerability scan has shown that tomcat doesn't apply httpOnly to come
cookies.
I need to determine if this can be 'corrected'.
We're scanning using ZAP,
https://www.owasp
Well, if there are no hints, here is my view.
I checked the code for locations where org.apache.catalina.Globals.SUBJECT_ATTR
(or the String "javax.security.auth.subject") is used. There are seemingly two
locations:
- org.apache.catalina.connector.Request.setUserPrincipal(...)
- org.apache.catal
16 matches
Mail list logo
