Re: [EXTERNAL] Re: Tomcat(9.0.13) Error in DEV Server

Hi Gary, see way below inline... > Am 16.04.2019 um 03:02 schrieb Hua, Gary - Saint Louis, MO - Contractor > : > > Luis: > > Thanks for your input. I put the following into > conf/logging.properties and add debug="99" in the Realm definition so I > can see more Realm logging inf

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

Hi James, > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM JSSE cipher lists for Java 8. > Most certainly only >=Ja

Re: Has anybody ever heard of "ECDHE-ECDSA-CHACHA20-POLY1305"? was Re: TLS protocols and cipher suites

Oh, and yes I’ve heard about them and used the RSA version! Peter > Am 18.03.2019 um 23:49 schrieb James H. H. Lampert : > > I've just (same customer as before) been asked about > ECDHE-ECDSA-CHACHA20-POLY1305 > and ECDHE-RSA-CHACHA20-POLY1305 > > and I can't find either one on the Sun or IBM

Re: Http insecure headers

>>>> i searched and found that need to add express filters in web config but >> >>>>> not >> >>>>> sure on where to add in filters. >> >>>>> >> >>>>> can you please guide me on same? >> >>>>> >>

Re: Http insecure headers

Hi Nitin, Per se this can be done by enabling the org.apache.catalina.filters.HttpHeaderSecurityFilter in the global or your webapp‘s web.xml For CSP you should write your own Filter. Beware though that Content Security Policy is nothing that can be enabled without application knowhow, the ri

Re: Question regarding mitigating the CVE-2017-12617 vulnerability

Michael, > Am 13.02.2019 um 22:03 schrieb Adams, Michael : > > Christopher, > Thanks for your input. It was very helpful. This afternoon, my > InfoSecurity technician who runs the Tripwire app believes Apache Tomcat vs > 8.5.13 is being flagged for the CVE-2017-12617 vulnerability solely off

Re: [EXTERNAL] Re: tomcat Finding!

Danyaal, > Am 18.12.2018 um 21:15 schrieb > : > > Added following to the Server.xml, still showing in the latest scan. > > showReport=false" showServerInfo="false" /> > > Thank you, > Danyaal > > -Original Message- > From: John Palmer [mailto:johnpalm...@gmail.com] > Sent: Friday

Re: Connection closed error and certificateVerification="required"

Mark, >> Am 18.04.2018 um 11:55 schrieb Mark Thomas : >> >> On 18/04/18 10:36, Richard Tearle wrote: >> On 17 April 2018 at 16:45, Richard Tearle >> wrote: >>> On 17 April 2018 at 14:54, Mark Thomas wrote: > On 17/04/18 11:36, Mark Thomas wrote: > On 17/04/18 10:14, Richard Tearle wrote

Re: Running as user tomcat

Hi Chris, > Am 23.02.2018 um 18:36 schrieb Cheltenham, Chris > : > > Hello All, > > I am trying to run tomcat as a non root user. > > It will start as the tomcat user but it will not bind to connector 443 unless > it starts as root. > > Does anyone know why? Unix will not let you open