> Is it true that all traffic seen by Tomcat must have been sent over TLS
> between the user agent and AWS LB?
Yes, that is true, at least it is my understanding...
-Original Message-
From: Mark Thomas
Sent: Wednesday, August 31, 2022 12:57 PM
To: users@tomcat.apache.org
Subject: Re: [
On 31/08/2022 17:39, Yanhua Wusands wrote:
> You are right, Tomcat is sitting behind AWS LB, where SSL is enabled; once it
> has passed that, Tomcat is set up to listen on 8080.
> If I understand you correctly, we will need to set up SSL in TOMCAT as well in
> order to have HSTS working, is that right?
No.
You are right, Tomcat is sitting behind AWS LB, where SSL is enabled; once it
has passed that, Tomcat is set up to listen on 8080.
If I understand you correctly, we will need to set up SSL in TOMCAT as well in
order to have HSTS working, is that right?
-Original Message-
From: Mark Thomas
Sen
You don't have any TLS connectors configured so the HSTS filter isn't
going to do anything.
Given you access the server via port 443 but Tomcat is only listening on
port 8080 you must have a reverse proxy configured somewhere that is
likely terminating the TLS.
You need to configure HSTS whe
-Original Message-
From: Mark Thomas
Sent: Wednesday, August 31, 2022 11:03 AM
To: users@tomcat.apache.org
Subject: [EXTERNAL] Re: How to setup Strict-Transport-Security in TOMCAT
On 31/08/2022 15:36, Yanhua Wusands wrote:
> We are using TOMC
On 31/08/2022 15:36, Yanhua Wusands wrote:
> We are using TOMCAT 9.0.40 on Linux, and are trying to set up
> Strict-Transport-Security per a requirement from our security team.
> We followed this note:
> https://knowledge.broadcom.com/external/article/226769/enable-http-strict-transport-security-hs.html
> Cha
We are using TOMCAT 9.0.40 on Linux, and are trying to set up
Strict-Transport-Security per a requirement from our security team.
We followed this note:
https://knowledge.broadcom.com/external/article/226769/enable-http-strict-transport-security-hs.html
Changed $CATALINA_HOME/conf/web.xml
With: