Am 05.03.20 um 23:10 schrieb rugman66 .:
> On Thu, Mar 5, 2020 at 10:44 AM i...@flyingfischer.ch
> wrote:
>> Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all
>> +TLSv1.2".
>>
>> Had this issue too. The connector parameters for SSL are a huge mess and
>> have been changed
Hello,
> If you don't set secretRequired="false" properly then at start time Tomcat
> will complain if there is no specified "secret" attribute.
> If it doesn't complain then most probably you are testing again with the
> wrong server.xml or old version of Tomcat.
the issue seems to be that mod_j
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Jürgen,
On 3/5/20 01:59, "Jürgen Göres" wrote:
>
> Hi,
>
>>> If it is, what is the recommended mitigation? We consider using
>>> the "secret" feature (the filtering by request attributes is
>>> infeasible for us), but that would be a bit of effort a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dave,
On 3/5/20 06:21, Dave Ford wrote:
> On Wed, 2020-03-04 at 13:19 -0500, Christopher Schultz wrote:
>>
>>> We're in the same position as you. External web servers
>>> talking to Tomcat servers on other boxes via AJP.
>>
>> Are those connections
On Thu, Mar 5, 2020 at 10:44 AM i...@flyingfischer.ch
wrote:
>
> Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all
> +TLSv1.2".
>
> Had this issue too. The connector parameters for SSL are a huge mess and
> have been changed constantly.
>
> Best
> Markus
>
> Am 05.03.20 um 19:
Thanks Markus. Now a different issue is occurring. One specific version of
the URL is using TLS 1.0.
https://server.domain.com
On Thu, Mar 5, 2020 at 10:44 AM i...@flyingfischer.ch
wrote:
> Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all
> +TLSv1.2".
>
> Had this issue to
Thanks Mark,
Two connector configs works.
Any ideas, on why the behavior if different for ISAPI and mod_jk modules?
-Original Message-
From: Mark H. Wood
Sent: Thursday, March 5, 2020 10:28 PM
To: users@tomcat.apache.org
Subject: Re: bind Tomcat to IPv4 and IPv6 loopback, Tomcat 9.0.31
Try SSLProtocol="TLSv1.2" (mind the case) instead of sslProtocol="-all
+TLSv1.2".
Had this issue too. The connector parameters for SSL are a huge mess and
have been changed constantly.
Best
Markus
Am 05.03.20 um 19:30 schrieb rugman66 .:
> Hello,
>
>
>
> I have both Apache and Tomcat running on
Hello,
I have both Apache and Tomcat running on the same RHEL. I have successfully
configured Apache to use OpenSSL TLSv1.2, but I cannot get Tomcat to use
TLSv1.2. Tomcat for some reason
will only use TLV 1.0, and that is no good. No matter what parameter I set
in the server.xml sslProtocol di
On Thu, Mar 05, 2020 at 01:52:57PM +, Piyush Kumar Nayak wrote:
> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and IPv6
> loopback addresses.
>
> By default, it seems that Tomcat binds to IPv4 loopback
> Default connector config :
> packetSize="65535" secret="xxx" tomcat
It's a development environment. I used a modified WAR file which allows
access to the gogo (g!) shell. I have since decided to use a different
method that doesn't require g!.
On Thu, Mar 5, 2020 at 12:26 AM Martin Grigorov
wrote:
> Hi,
>
> On Wed, Mar 4, 2020 at 5:58 PM Iowa Research
> wrote:
>
On Wed, Mar 4, 2020 at 4:46 PM Mark Thomas wrote:
> On 04/03/2020 20:20, Robert Hicks wrote:
> > We are getting the following over and over in our catalina.out file:
> >
> > java.lang.IllegalArgumentException: Invalid character found in the
> request
> > target. The valid characters are defined i
Hi,
Check this thread:
https://lists.apache.org/thread.html/r1f83f0c731a8737fdf4dad13ae402acd2fdc1ab1a86605af5b496a5f%40%3Cusers.tomcat.apache.org%3E
On Thu, Mar 5, 2020 at 3:53 PM Piyush Kumar Nayak
wrote:
>
> Is there a way to get Tomcat's AJP connector to bind to both IPv4 and IPv6
> loopba
Is there a way to get Tomcat's AJP connector to bind to both IPv4 and IPv6
loopback addresses.
By default, it seems that Tomcat binds to IPv4 loopback
Default connector config :
netstat -ano | findstr 8014
TCP 127.0.0.1:8014 0.0.0.0:0 LISTENING 8616
TCP 127.0.0.1:8014 127.0.0.1:57510 ESTABLISH
Hi Dave,
On Thu, Mar 5, 2020 at 1:22 PM Dave Ford wrote:
> On Wed, 2020-03-04 at 13:19 -0500, Christopher Schultz wrote:
> >
> > > We're in the same position as you. External web servers talking
> > > to Tomcat servers on other boxes via AJP.
> >
> > Are those connections properly secured?
>
>
On Wed, 2020-03-04 at 13:19 -0500, Christopher Schultz wrote:
>
> > We're in the same position as you. External web servers talking
> > to Tomcat servers on other boxes via AJP.
>
> Are those connections properly secured?
That's not a tremendously helpful question. Which connections are you
ta
On 05/03/2020 07:12, "Jürgen Göres" wrote:
>>> My first question is: what value do I need to set in the "address"
>>> attribute to indicate that I want the connector to listen on ALL interfaces
>>> (for IPv4 AND IPv6)? Maybe that should be documented. :-)
>>
>> It will vary by system. Some syste
Hi,
On Wed, Mar 4, 2020 at 5:58 PM Iowa Research
wrote:
> I am encountering a 255 character limit in the g! shell when running Tomcat
> 9.0.31. I do not see the issue in Tomcat 7. I have searched for solutions
> to this issue but have been unsuccessful. Any help is greatly appreciated.
>
Could
Am 05.03.2020 08:12, schrieb Jürgen Göres:
Ghostcat is the name of a malware strain that has been around since at
least October last year. When referencing vulnerabilities it is best
to
stick to the CVE reference since they should be unique (and if
something
goes wrong and they aren't there ar
On Thu, Mar 5, 2020 at 10:05 AM Thomas Glanzmann
wrote:
> Hello Martin,
>
> > > This should be: secretRequired="false".
> > > This attribute has been renamed recently.
>
> I just looked at my notes, and I tried that already yesterday night.
> Still facing the same problem with 403. Might it be po
Hi,
On Wed, Mar 4, 2020 at 11:53 PM Bhavesh Mistry
wrote:
> Hi Tomcat Team,
>
> When there is invalid characters, it return error message with
> stacktrace as shown below. 1) is there any way to costmize error
> message ? if yes, please let me know.
>
> 2) Is there any way to spress stack-trace
Hello Martin,
> > This should be: secretRequired="false".
> > This attribute has been renamed recently.
I just looked at my notes, and I tried that already yesterday night.
Still facing the same problem with 403. Might it be possible that I need
to use a secret in order to access ajp from mod_jk?
Hello Martin,
> This should be: secretRequired="false".
> This attribute has been renamed recently.
thanks. I'll test later and let you know how it went.
Cheers,
Thomas
-
To unsubscribe, e-mail: users-unsubscr...@tomcat
Hi Thomas,
On Thu, Mar 5, 2020 at 3:53 AM Thomas Glanzmann wrote:
> Hello,
> the problem was that I edited the wrong server.xml. The one that was not
> used. So now that I figured that out, settings these two settings help.
>
>
>
>
> className="org.apache.catalina.core.JreMem
24 matches
Mail list logo
