Le jeu. 24 août 2023 à 13:06, Christopher Schultz <
ch...@christopherschultz.net> a écrit :
> Daniel,
>
> On 8/23/23 13:03, Daniel Savard wrote:
> > I didn't specify the actual Tomcat version because the problem occurs
> under
> > all versions. We are running a
path to suit your configuration)
>
> Robert
>
Hi Robert,
I will look into it. For now, I cannot modify the system easily. I need to
plan a change for this with at least a one week notice and upon approval.
Will try to include this in a forthcoming change.
-
Daniel Savard
Le jeu. 24 août 2023 à 02:29, Thomas Hoffmann (Speed4Trade GmbH)
a écrit :
> Hello Daniel,
>
> > -Ursprüngliche Nachricht-----
> > Von: Daniel Savard
> > Gesendet: Mittwoch, 23. August 2023 19:03
> > An: users@tomcat.apache.org
> > Betreff: Tomcat
ly if it
crashes. Again, the problem is very unlikely to be with Tomcat itself, but
the tuning of the VM.
-
Daniel Savard
msg param " + userControlledParam);
>
>
No.
> Mfg
> Thomas
>
>
-
Daniel Savard
Thanks, very useful information to channel back to my team and beyond.
-
Daniel Savard
https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites
TLSv1.3 supports 5 cipher suites and none is in your list.
-
Daniel Savard
Le mar. 29 juin 2021 à 01:44, S Abirami a
écrit :
> Hi Christopher,
>
> Below is my Connector element, sslEnabledProtocols =TLSv1.2 ,TLS
nd I don't see any reason for
such a behavior.
Regards,
-
Daniel Savard
Le lun. 31 août 2020 à 11:13, Christopher Schultz <
ch...@christopherschultz.net> a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
>
> Daniel,
>
> On 8/28/20 20:46, Daniel Savard wrote:
> > Le ven. 28 août 2020 à 17:19, Darryl Philip Baker <
up being a RedHat only
question having nothing to do with Tomcat itself. From the Tomcat point of
view, you can only copy the file somewhere else where the RedHat scripts,
update procedures will not touch it and let Tomcat know where it is.
Regards,
-
Daniel Savard
icates. Just make a copy and put your certificates in the copy. In
fact, you may not need the original file at all if only self-signed
certificates are involved. All the certifications authorities in the file
are then useless to you.
Regards,
-
Daniel Savard
tes are stored in the Windows registry.
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores
Since IIS is a Windows-only product, this is the simple thing for them to
do. Tomcat runs on various platforms and should support open and neutral
keystore formats instead.
-
Daniel Savard
other properties file. This is standard stuff.
The effect is the JVM now knows your port is a JMX port and it will stop to
try to use it when it is already in use and free it cleanly.
Regards,
-
Daniel Savard
>
>
to your case, that's why I didn't bother to
put it in my original post. But, you may have to use extra properties for
you particular situation.
Why did I say to put everything in the configuration file for
com.sun.management.config.file? Because that way, the JVM knows these are
for JMX and knows the port is for JMX and will not run into a nonesense
when stopping the service saying the port is already in use. That's why you
should put this into the configuration file and define the property to tell
the JVM the pathname of the configuration file.
Regards,
-
Daniel Savard
In ${Tomcat}/conf create the file management.properties and put your stuff
in this file like:
com.sun.management.jmxremote = true
com.sun.management.jmxremote.port = 9876
com.sun.management.registry.ssl =true
com.sun.management.ssl = true
com.sun.management.ssl.enebled.protocols = TLSv1.2
...
The
with this version or another one?
Regards,
-
Daniel Savard
omcat-8.5.12/lib
>> cp ./apache-tomcat-8.5.14/lib/websocket-api.jar
>> ../apps/apache-tomcat-8.5.12/lib
>>
>
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>
Maybe a useless comment. However I upgraded from 8.0 to 8.5. I have both a
CATALINA_HOME and CATALINA_BASE and the upgrade was really easy and
summarizes almost entierly in changes for the new configuration syntax in
the server.xml file. Upgrading from a release to another is almost a no
brainer, as well as upgrading to a new Java version.
It may be a little more work to start with to setup two separated filetree,
but on the long run, it pays. I have to maintain and support about 70
instances of Tomcat and a dozen of applications as a sideline job.
-
Daniel Savard
Hi Chris,
2017-05-12 13:31 GMT-04:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Daniel,
>
> On 5/12/17 10:03 AM, Daniel Savard wrote:
> > Hi everyone,
> >
> > my question is not specific to the Tomcat version specified in
artup.
Is there a way to debug this problem? How can I see what is going on with
the execution of the rewriting class?
Regards,
-
Daniel Savard
n production at my shop and
it is working fine so far.
Regards,
-
Daniel Savard
urces consumption, you need to look at what your specific
applications need and what kind of workload you expect. Giving the amount
of RAM and the number of cores is useless. I run 9 instances of Tomcat on a
single server with 16 GB of RAM and 2 cores.
Regards,
-
Daniel Savard
2016-11-09 16:11 GMT-05:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Daniel,
>
> You don't seem to have received a response about this...
>
> On 10/11/16 2:13 PM, Daniel Savard wrote:
> > I have a problem which evade
Le 20 oct. 2016 3:21 PM, "André Warnier (tomcat)" a écrit :
>
> Maybe naive, and I have never tried any of this myself, but is there a
reason why you cannot use method 2 in
>
http://tomcat.apache.org/tomcat-8.0-doc/deployer-howto.html#A_word_on_Contexts
> in that scenario ?
>
Thanks, tested for m
ré,
thanks I will give it a try. I never used method 2 before and I just forgot
about it.
-----
Daniel Savard
cific to the web application?
BTW, if it is of any use, I am running Tomcat 8.0.36 and Oracle JDK
1.8.0_92.
Regards,
-
Daniel Savard
among the three following browsers:
IE 11, Chrome and Firefox. IE11 and Chrome are complaining about TLS
protocol error without saying anything about the cause of the error.
Any hints?
Regards,
-----
Daniel Savard
Your challenge is much more with Java 8 as already mentioned above if you
use a non-APR connector and with OpenSSL otherwise than with Tomcat itself.
-
Daniel Savard
2016-10-04 6:43 GMT-04:00 Garratt, Dave :
> To elaborate, there is only this single application running on
2016-09-22 6:16 GMT-04:00 André Warnier (tomcat) :
> Dono,
>
> Ok, this is really a long shot, and I really do not know what I am
> talking about..
>
> I just want to point out that in the course of doing some searches on the
> WWW with keywords related to your issue, I seemed several times to co
if your
OS support them. You can use umask to change the default behavior.
If security of log files is critical for your application, you should take
time to design the logging appropriately and don't expect someone else to
take care of all your concerns for you.
---------
Daniel Sav
ry of your Tomcat instance. I'm not sure
about the C: in the pathname. However, ${catalina.base}/conf/ is
portable and enables you to move you instance into another directory
without having to modify all the configuration files.
-
Daniel Savard
2016-07-13 15:56 GMT-04:00 Sean Son :
> Thank you for your answer guys. Is there anywhere in the Tomcat config
> files that I would need to specify the DNS name? Like in Apache we would
> specify the DNS name in a Virtualhost.
>
>
No.
---------
Daniel Savard
h two DNS entries. If none of these can be
resolved for your server, the certificate is considered invalid.
-----
Daniel Savard
#x27;s certificate chain
>>> (net::ERR_CERT_COMMON_NAME_INVALID).
>>>
>>> Looks like adding the keyAlias to the connector did not fix anything
>>> unfortunately.
>>>
>>
>
Did you examined the received certificate in the browser. Usually this help
to identify why it failed. In this case, the chain of certification seems
to be the problem.
-
Daniel Savard
d" keyAlias="{b81d8607-57e9-4c35-a058-cd46099e7797}"
> SSLEnabled="true" scheme="https" secure="true"
>clientAuth="false" sslProtocol="TLS" />
>
>
Yes.
-
Daniel Savard
omething different from the HMAC
for the certificate itself. However, if the user wants to ban the SHA-1
from the negociated symmetric encryption algorithm, he will have to set a
proper cipher suite to exclude anything without SHA-256 and more from the
accepted ciphers. You have to experiment with the openssl cipher command to
find out a proper combination.
-
Daniel Savard
ve the alias and Common Name clearly
identified on the output in a verbose format. Use the -v option to the
keytool command for this. No need to post everything here if you are unsure.
-
Daniel Savard
is sent. In this case, root.
The attribute to tell the connector which certificate to send, is keyAlias,
however it seems your certificate has no alias in the keystore.
-
Daniel Savard
and should
> get with the times) to either throw errors or at least log warnings for the
> cases where connection/authentication attempt is being made using SHA-1
> certificate?
>
No.
However, you can select the accepted ciphers to reject anything that
doesn't meet your standards.
-
Daniel Savard
t store shipped
with your version of Java will be used. If the clients trying to connect
are not having certificats signed by one of these, it will fails. It may
not be a problem in your case since you do not provide any details on the
clients' certificates.
Regards,
-
Daniel Savard
ound and asks
> "but why" :-)
>
>
Because previously you didn't complete the TLSv1.2 protocol handshaking
process given the fact you server didn't support it. It then negociated a
lesser protocol understood by both parties which happen to be TLSv1.0 (the
one set by the previous value of SSL_VERSION in your catalina.sh startup
file).
-
Daniel Savard
g it was setup by the vendor. I was assuming she was working from a
vanilla installation someone else has customized somewhat, hence my
suggestion to stick on vanilla catalina.sh and so on.
---------
Daniel Savard
e, you will see the sslProtocol
attribute is actually passing the value to Java 7. That's why there is no
need to temper with the catalina.sh to try to set this for Java before
hand. The proper way to configure Tomcat is to modify files in the conf
directory only. Playing with files in bin and lib is not a recommended
approach.
Daniel Savard
idn't mention which version of Java 7 exactly you are using. Did you
install the Unlimited JDK security package?
Did you read the documentation on TLS/SSL?
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
-
Daniel Savard
their customers, or is it normally a customer created file?
>
>
Hi Paul,
I assumed your previous configuration or the reference configuration is
doing so. Then, if you replicate the configuration it should do the same.
Regards,
---------
Daniel Savard
are upgrading to SM
9.41, Tomcat 8 and Java 8. So far, SM is running smoothly in all our
environments. Usually HP support whatever version of Tomcat you have,
provided it meets the minimum requirements or unless a specific bug exists
in your Tomcat version.
Regards,
-
Daniel Savard
x27;m not familiar with WAR files - is that the normal way to install new
> apps into Tomcat?)
>
WAR is the standard to distribute web applications.
Regards,
-
Daniel Savard
2016-06-10 15:09 GMT-04:00 paul.greene.va :
> Actually, I don't want to have parallel versions going; 7.0.53 needs to go
> away to address the vulnerabilities found in the audit scan. Ideally
> everything should be the same as it is now, with the only difference being
> the app is using 7.0.69 rat
2016-06-09 23:04 GMT-04:00 paul.greene.va :
> Hello All,
>
> I manage an HP application that uses Apache Tomcat as a 3rd party
> application. The installed Tomcat version is 7.0.53. Because of a recent
> audit scan I have to update it to the most current version (7.0.69). HP
> says - "not our appl
ated class while searching for the different values for
channelSendOptions.
Here:
http://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.html
So, a little clarification would be appreciated.
Regards,
-
Daniel Savard
h the information they need to figure out whether this affects
> them or not.
>
> Mark
>
In doubt, I usually prefer to upgrade to latest version. I see no reason to
stick to a lower version unless a specific bug is know and has been
introduced into the latest version.
-
Daniel Savard
2016-05-06 14:27 GMT-04:00 Frederick Piña :
> Hi ! I'm using Tomcat Controller. It works fine (turning off/on, etc).
> However, after the confirmation page on my browser is shown; from Apache
> Tomcat 9; I still can't get the Java Web Application to load.
>
> Apache Tomcat 9 is working fine... But
2016-04-19 1:04 GMT-04:00 Ravi Chandra Suryavanshi <
ravi.chandra.suryavan...@ericsson.com>:
> Hi,
> I am using tomcat 6 in my product. I am planning to upgrade to tomcat 8 as
> tomcat is going to EoS in Dec-2016.
> I have just taken the performance of Tomcat 8 and found the 70% less
> performance
t may be helpful to be provided alternate solutions.
But, anyway, enough on this.
-
Daniel Savard
2016-03-19 17:02 GMT-04:00 André Warnier (tomcat) :
> Daniel,
>
> first of all, stop top-posting (this applies to both of you). This is not
> the style of posting desired on
at cluster.
-----
Daniel Savard
2016-03-19 15:40 GMT-04:00 Lyallex :
>
>
> On 19 March 2016 at 19:19, Daniel Savard wrote:
>> I see what you were trying to achieve, however I don't see much
>> interest in that.
>
> Really, I've been running a succes
any
other unprivileged port isn't a solution to your problem.
Regards,
---------
Daniel Savard
2016-03-19 12:10 GMT-04:00 Lyallex :
> It's the simplest way to find out which port you have Tomcat listening on
>
> *NIX based systems don't allow non root uses bi
Why? What is the point? The server.xml has nothing to do with
integration with systemd.
-
Daniel Savard
2016-03-19 1:40 GMT-04:00 Lyallex :
> Would you mind posting your server.xml, here is the relevant bit from mine.
>
>
>
> connectio
.
Regards,
-----
Daniel Savard
2016-03-16 23:56 GMT-04:00 Caldarale, Charles R :
>> From: Daniel Savard [mailto:daniel.sav...@gmail.com]
>> Subject: contextDestroyed() method not called
>
>> I noticed a problem with one of my web applications which requires
>> some cleanup
>From the manager clicking on the Stop button for the application. For
the instance, on Windows just stop the Tomcat service, on Linux, just
run the catalina.sh stop script.
-----
Daniel Savard
2016-03-17 8:47 GMT-04:00 Caldarale, Charles R :
>> From: Daniel Savard [mailto:d
g in Tomcat, so, I guess I
am doing something wrong. Someone can provide some guidance to
identify the cause of such undesirable behavior?
Regards,
-
Daniel Savard
-
To unsubscribe, e-mail: users-unsubscr...@tomc
content of my EnvironmentFile:
CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds"
CATALINA_BASE="/tomcat/tomcat-8-dev"
CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out"
JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74"
CATALINA_PID="/var/run/tomcat-8-dev
?
-
Daniel Savard
2016-03-17 19:08 GMT-04:00 Daniel Savard :
> From the manager clicking on the Stop button for the application. For
> the instance, on Windows just stop the Tomcat service, on Linux, just
> run the catalina.sh stop script.
> -----
> Daniel Savard
>
>
/[hostname]/mywebapp.xml instead of
adding the empty element in
$CATALINA_BASE/webapps/mywebapp/WEB-INF/web.xml.
It seems the former is not working, at least with Tomcat 8.0.32
-----
Daniel Savard
2016-03-08 15:08 GMT-05:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
I have to handle this in my code? Do I have to reinitialize the
connection pool if such an event happen?
Regards,
-
Daniel Savard
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional
term.
-
Daniel Savard
2016-03-08 10:48 GMT-05:00 Christopher Schultz :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Edwin,
>
> On 3/8/16 8:19 AM, Edwin Quijada wrote:
>> I am new using Tomcat so I have a question about performance. I
>> have
Your question has been answered and you shouldn't cross post questions.
-
Daniel Savard
2016-03-08 3:31 GMT-05:00 Chiranga Alwis :
> Hi,
>
> please refer the question in stackoverflow
> http://stackoverflow.com/questions/35862427/configuring-custom-tomcat-con
cope with
anything else, unfortunately.
-----
Daniel Savard
2016-02-14 7:06 GMT-05:00 Konstantin Kolinko :
> 2016-02-14 4:50 GMT+03:00 Daniel Savard :
>> Hi everyone,
>>
>> I am trying to perform a "build release" from source code for Tomcat
>> 8
es elevation
Obviously, the program requires more privileges than my current user.
How do I fix this to complete the process and create the installer
file for Windows?
Regards,
-
Daniel Savard
-
To unsubscribe, e-
nt where paging
activity is so high no useful work but paging take place. The system
is no longer usable at this point.
Hope I was able to clarify Chris' point a little bit.
Regards,
--
-
Daniel Savard
CiDS Inc.
Montreal, QC
Canada
-
That's an Opus Dei owned company, I fear. Unless you are seeking for
the anti-matter thing, you should rather than stay away of it.
2010/11/18 Martin Gainty
>
> can we get someone from the vatican to translate?
>
> Martin Gainty
> __
> Verzicht und Vert
orking. Does it compare or
not?
Daniel Savard
2010/9/29 Martin Gainty
>
> i always wondered by the big 5 billable rate started at 100 /hr
>
> BTW: dont forgot your armani suit and the lamberghini!
> Martin Gainty
>
Jorge,
Could you explain further what's the difference between an app
container and an app server? For me it seems pretty much the same.
Regards,
Daniel Savard
2010/9/24, Jorge Medina :
> Hey, you don't need a Big-5 consulting company.
> You need a a couple of experts: a netw
We are not talking about SNMP monitoring, but about SNMP as a tool to
interface between monitoring of the JVM and applications and a
centralized manager or integration with a manager of managers in an
enterprise-wide picture.
Daniel Savard
2010/5/20 Ozgur Ozdemircili :
> Are we loosing
So, decipher how the jconsole can be used as a monitoring tool? My
belief is it can be used to provide snmp agent services, but I have no
experience with it and I am curious to hear from others about it.
Daniel Savard
2010/5/20, Leon Rosenberg :
> On Thu, May 20, 2010 at 12:11 PM, Oz
73 matches
Mail list logo
