Re: Issue with SSL connector in tomcat 10.0.23

2022-09-05 Thread Mark Thomas
bH) Sent: Monday, September 5, 2022 5:56 PM To: Tomcat Users List Subject: AW: Issue with SSL connector in tomcat 10.0.23 Hello, -Original Message- From: saicharan.bu...@wellsfargo.com.INVALID Sent: Monday, 5 September 2022 14:11 To: users@tomcat.apache.org Subject: Issu

AW: Issue with SSL connector in tomcat 10.0.23

2022-09-05 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello Saicharan, > -Original Message- > From: saicharan.bu...@wellsfargo.com.INVALID > > Sent: Monday, 5 September 2022 15:37 > To: users@tomcat.apache.org > Subject: RE: Issue with SSL connector in tomcat 10.0.23 > > Thanks Thomas, > > Now t

RE: Issue with SSL connector in tomcat 10.0.23

2022-09-05 Thread Saicharan.Burle
clientAuth in the documentation. PFB snippet of our server.xml file Thanks, Saicharan Burle -Original Message- From: Thomas Hoffmann (Speed4Trade GmbH) Sent: Monday, September 5, 2022 5:56 PM To: Tomcat Users List Subject: AW: Issue with SSL connector in tomcat 10.0

AW: Issue with SSL connector in tomcat 10.0.23

2022-09-05 Thread Thomas Hoffmann (Speed4Trade GmbH)
Hello, > -Original Message- > From: saicharan.bu...@wellsfargo.com.INVALID > > Sent: Monday, 5 September 2022 14:11 > To: users@tomcat.apache.org > Subject: Issue with SSL connector in tomcat 10.0.23 > > Hi Team, > > We are facing issues with th

Issue with SSL connector in tomcat 10.0.23

2022-09-05 Thread Saicharan.Burle
Hi Team, We are facing issues with the Tomcat 10.0.23 version while starting as it's not accepting few of the SSL parameters. PFB error message 05-Sep-2022 04:51:01.144 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[HTTP/1

Re: Problem posting to Tomcat ssl connector ..

2021-06-06 Thread John Dale (DB2DOM)
> >> I debugged the server and it's not reaching my component. >> >> Tomcat is killing the connection for some reason. >> >> Thought it might be maxSavePostSize .. bumped that up in the SSL >> connector. >> >> No dice. >> >> Re

Re: Problem posting to Tomcat ssl connector ..

2021-06-01 Thread Mark H. Wood
> I debugged the server and it's not reaching my component. > > Tomcat is killing the connection for some reason. > > Thought it might be maxSavePostSize .. bumped that up in the SSL connector. > > No dice. > > Request post is around 300K. > > What's

Re: [OT] Problem posting to Tomcat ssl connector ..

2021-06-01 Thread Christopher Schultz
John, On 5/28/21 20:17, John Dale wrote: ran apt-get install tomcat9 and it upgraded these packages: libtomcat9-java tomcat9 tomcat9-common Still did not resolve the issue, however. Looking for a guide to manually upgrade a package installed with apt-get. > > [repeated from elsewhere in the

Solved my Problem posting base64 image to Tomcat ssl connector on raspberry pi with JQuery and Ajax ..

2021-05-29 Thread John Dale (DB2DOM)
and rebuilt. Reviewed and made configuration changes. It worked-out. Upgrading my ubuntu cloud instance next, which translates really well from the pi (systemd, apt-get etc). Not sure if it was a small configuration change to server.xml's ssl connector, or libraries that were fixed afte

Re: [OT] Problem posting to Tomcat ssl connector ..

2021-05-28 Thread John Dale
ran apt-get install tomcat9 and it upgraded these packages: libtomcat9-java tomcat9 tomcat9-common Still did not resolve the issue, however. Looking for a guide to manually upgrade a package installed with apt-get. Suggestions? On 5/28/21, Christopher Schultz wrote: > John, > > On 5/28/21 15

Re: [OT] Problem posting to Tomcat ssl connector ..

2021-05-28 Thread John Dale
The thick plottens. When I do apt-cache show tomcat9: Package: tomcat9 Version: 9.0.31-1~deb10u4 ... S .. simple and good way to upgrade this via apt-get? Or will I have to manually be overwriting stuff (yuck). John On 5/28/21, Christopher Schultz wrote: > John, > > On 5/28/21 15:32,

Re: [OT] Problem posting to Tomcat ssl connector ..

2021-05-28 Thread John Dale
definitely related to the post size .. smaller images work, larger images do not work, but the larger images are only 500k, so it's not a maxpostsize issue. I'm running apache-tomcat-9.0.41, so this shouldn't apply: https://stackoverflow.com/questions/63050276/tomcat-9-long-https-request John

Re: [OT] Problem posting to Tomcat ssl connector ..

2021-05-28 Thread Christopher Schultz
John, On 5/28/21 15:32, John Dale wrote: I debugged the server and it's not reaching my component. > > Request post is around 300K. Tomcat 9 on a raspberry pi 4 (w00t!). Maybe you are still just waiting around for that tiny CPU to run all that bytecode. /snark Seriously, though, I'd b

Problem posting to Tomcat ssl connector ..

2021-05-28 Thread John Dale
. Thought it might be maxSavePostSize .. bumped that up in the SSL connector. No dice. Request post is around 300K. What's going on!? Tomcat 9 on a raspberry pi 4 (w00t!). Everything is working fantastically save this one item. S

Re: Tomcat SSL Connector - Http11NioProtocol - javax.crypto.ShortBufferException on second request

2020-04-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Andrea, On 4/14/20 04:29, Parigino Andrea Aiello wrote: > On Mon 13 Apr 2020 at 21:49, Rémy Maucherat > wrote: > >> On Mon, Apr 13, 2020 at 7:07 PM Mark Thomas >> wrote: >> >>> On 13/04/2020 11:39, Parigino Andrea Aiello wrote: >>

Re: Tomcat SSL Connector - Http11NioProtocol - javax.crypto.ShortBufferException on second request

2020-04-14 Thread Parigino Andrea Aiello
On Mon 13 Apr 2020 at 21:49, Rémy Maucherat wrote: > On Mon, Apr 13, 2020 at 7:07 PM Mark Thomas wrote: > > > On 13/04/2020 11:39, Parigino Andrea Aiello wrote: > > > Hello! > > > I'm having a problem with Tomcat 8.5.51 hosting my Spring Boot 2 > > > application (with 2-way SSL)

Re: Tomcat SSL Connector - Http11NioProtocol - javax.crypto.ShortBufferException on second request

2020-04-13 Thread Rémy Maucherat
On Mon, Apr 13, 2020 at 7:07 PM Mark Thomas wrote: > On 13/04/2020 11:39, Parigino Andrea Aiello wrote: > > Hello! > > I'm having a problem with Tomcat 8.5.51 hosting my Spring Boot 2 > > application (with 2-way SSL); > > The first thing to do is to update to 8.5.54 and re-test. > Also test Open

Re: Tomcat SSL Connector - Http11NioProtocol - javax.crypto.ShortBufferException on second request

2020-04-13 Thread Mark Thomas
On 13/04/2020 11:39, Parigino Andrea Aiello wrote: > Hello! > I'm having a problem with Tomcat 8.5.51 hosting my Spring Boot 2 > application (with 2-way SSL); The first thing to do is to update to 8.5.54 and re-test. Mark > In short is an application with both server and client SOAP interfaces >

Tomcat SSL Connector - Http11NioProtocol - javax.crypto.ShortBufferException on second request

2020-04-13 Thread Parigino Andrea Aiello
Hello! I'm having a problem with Tomcat 8.5.51 hosting my Spring Boot 2 application (with 2-way SSL); In short is an application with both server and client SOAP interfaces (first called as server, then it acts as client). The problem: on first request (sent by SoapUI or other external client) every

Re: converting 8.0.x ssl Connector to 8.5.x sslHostConfig

2018-05-03 Thread Baron Fujimoto
On Thu, Apr 26, 2018 at 10:15:03AM +0100, Mark Thomas wrote: >On 26/04/18 02:37, Baron Fujimoto wrote: >> We're working on upgrading from 8.0.x to 8.5.x in preparation for 8.0's >> impending EOL. >> Our initial 8.5 deployment which essentially uses our legacy server.xml SSL >> connectors from 8.0

Re: converting 8.0.x ssl Connector to 8.5.x sslHostConfig

2018-04-26 Thread Mark Thomas
On 26/04/18 02:37, Baron Fujimoto wrote: > We're working on upgrading from 8.0.x to 8.5.x in preparation for 8.0's > impending EOL. > Our initial 8.5 deployment which essentially uses our legacy server.xml SSL > connectors from 8.0 seems to work as expected. The HTTP Connector > documentation su

converting 8.0.x ssl Connector to 8.5.x sslHostConfig

2018-04-25 Thread Baron Fujimoto
We're working on upgrading from 8.0.x to 8.5.x in preparation for 8.0's impending EOL. Our initial 8.5 deployment which essentially uses our legacy server.xml SSL connectors from 8.0 seems to work as expected. The HTTP Connector documentation suggests that the SSL configuration should now be han

Re: Converting an SSL connector tag from Tomcat 7 format to Tomcat 8.5 format -- WHAT GOES WHERE?

2017-09-07 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 James, On 9/6/17 3:52 PM, James H. H. Lampert wrote: > On 9/6/17, 11:19 AM, Mark Thomas wrote: > >> The old format will work with 8.5.x. >> >> What were the stack traces? > > And Alejandro Vargas wanted to see the stack traces, too. > > Seeing a

Re: Converting an SSL connector tag from Tomcat 7 format to Tomcat 8.5 format -- WHAT GOES WHERE?

2017-09-06 Thread James H. H. Lampert
On 9/6/17, 11:19 AM, Mark Thomas wrote: The old format will work with 8.5.x. What were the stack traces? And Alejandro Vargas wanted to see the stack traces, too. Seeing as how this was the first stack trace (of 20, most with "caused by" sub-stack-traces): java.lang.ClassNotFoundExcepti

Re: Converting an SSL connector tag from Tomcat 7 format to Tomcat 8.5 format -- WHAT GOES WHERE?

2017-09-06 Thread Mark Thomas
On 06/09/17 18:46, James H. H. Lampert wrote: > I have a Tomcat 7 SSL connector tag: > >> >compression="on" noCompressionUserAgents="gozilla, traviata" >>maxThreads="150" SSLEnabled="true" scheme="h

Converting an SSL connector tag from Tomcat 7 format to Tomcat 8.5 format -- WHAT GOES WHERE?

2017-09-06 Thread James H. H. Lampert
I have a Tomcat 7 SSL connector tag: (the names have been changed to protect the innocent) When I plugged that into a Tomcat 8.5 server.xml, it took down the whole server, with numerous stack-traces in catalina.out. So I looked again at the model SSL connector tag for JSSE in the Tomcat

Re: Setting up HTTP/2 with no SSL connector ?

2017-03-31 Thread Laurent Perez
na.connector.Request#newPushBuilder returns > >null. > >Processor is a Http11Processor and it does not override the return > >false > >of org.apache.coyote.AbstractProcessor#isPushSupported. It's as if the > >upgrade did not plug in. > > > >Using the apr

Re: Setting up HTTP/2 with no SSL connector ?

2017-03-30 Thread Mark Thomas
rt HTTP >upgrade >to [h2c] > >However org.apache.catalina.connector.Request#newPushBuilder returns >null. >Processor is a Http11Processor and it does not override the return >false >of org.apache.coyote.AbstractProcessor#isPushSupported. It's as if the >upgrade did not plug i

Re: Setting up HTTP/2 with no SSL connector ?

2017-03-30 Thread Olaf Kock
On 30.03.2017 at 21:53, Laurent Perez wrote: > Client is Chrome 56. Where could I check in tomcat source to see if the > client is sending the h2c upgrade token ? >>> I managed to run the servlets/serverpush/simpleimage HTTP/2 push example >>> from Tomcat 9 trunk with the SSL Http11AprProtocol c

Re: Setting up HTTP/2 with no SSL connector ?

2017-03-30 Thread Laurent Perez
ushBuilder returns null. Processor is a Http11Processor and it does not override the return false of org.apache.coyote.AbstractProcessor#isPushSupported. It's as if the upgrade did not plug in. Using the apr+ssl connector, same client works fine (i.e pushBuilder is not null). Client is Chrome 56

Re: Setting up HTTP/2 with no SSL connector ?

2017-03-30 Thread Mark Thomas
id not fire. > > Is it possible to enable HTTP/2 with no SSL connector ? Yes. You need to add the block to an HTTP connector. You should see in the start-up log that h2c is enabled via HTTP Upgrade. Mark

Setting up HTTP/2 with no SSL connector ?

2017-03-30 Thread Laurent Perez
between mod_proxy and Tomcat. But org.apache.coyote.AbstractProcessor#isPushSupported then returns false, as if the UpgradeProtocol did not fire. Is it possible to enable HTTP/2 with no SSL connector ? Thanks laurent -- http://cv.laurentperez.fr J2EE, HTML5, JS, CSS3

Re: Does Tomcat need a non-ssl connector?

2016-02-17 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Msh, On 2/16/16 9:16 PM, m...@kimwana.com wrote: > On Tue, Feb 16, 2016 at 08:52:50AM -0500, Christopher Schultz > wrote: >> >> >> If jsvc is working for you, what's the port number you chose for >> SSL? 8080? (That's odd, most people use 8443). Why

Re: Does Tomcat need a non-ssl connector?

2016-02-16 Thread msh
On Tue, Feb 16, 2016 at 08:52:50AM -0500, Christopher Schultz wrote: > > > If jsvc is working for you, what's the port number you chose for SSL? > 8080? (That's odd, most people use 8443). Why not just use the standard > port for HTTPS? I want to use 443. I don't want proxies or to see the port

Re: Does Tomcat need a non-ssl connector?

2016-02-16 Thread Christopher Schultz
Msh, On 2/14/16 3:25 PM, m...@kimwana.com wrote: > On Thu, Feb 11, 2016 at 02:17:38PM -0500, m...@kimwana.com wrote: > > redirectPort="443" /> > > clientAuth="false" > disableUploadTimeout="true" enableLookups="false" maxThreads="25" > keystoreFile="/opt/tomc

Re: Does Tomcat need a non-ssl connector?

2016-02-16 Thread Christopher Schultz
Msh, On 2/13/16 12:28 PM, m...@kimwana.com wrote: > On Fri, Feb 12, 2016 at 05:36:56PM -0500, Christopher Schultz wrote: > Chuck, > > On 2/12/16 3:06 PM, Caldarale, Charles R wrote: >>>>> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] >>>>>

Re: Does Tomcat need a non-ssl connector?

2016-02-14 Thread msh
Woot! > If I want to run Tomcat using ssl only do I still need to set up a non-ssl > connector and redirect the port?

Re: Does Tomcat need a non-ssl connector?

2016-02-13 Thread msh
On Fri, Feb 12, 2016 at 05:36:56PM -0500, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Chuck, > > On 2/12/16 3:06 PM, Caldarale, Charles R wrote: > >> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] > >> Sub

Re: Does Tomcat need a non-ssl connector?

2016-02-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 2/12/16 3:06 PM, Caldarale, Charles R wrote: >> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] >> Subject: Re: Does Tomcat need a non-ssl connector? > >> On 2/12/16, 11:40 AM, m...@kimwana.com wrote: >

RE: Does Tomcat need a non-ssl connector?

2016-02-12 Thread Caldarale, Charles R
> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] > Subject: Re: Does Tomcat need a non-ssl connector? > On 2/12/16, 11:40 AM, m...@kimwana.com wrote: > > Perhaps I should have phrased this differently. I want to force > > clients to ssl. When they hit http:

Re: Does Tomcat need a non-ssl connector?

2016-02-12 Thread James H. H. Lampert
On 2/12/16, 11:40 AM, m...@kimwana.com wrote: Perhaps I should have phrased this differently. I want to force clients to ssl. When they hit http://app.myurl.com their browser should load https://app.myurl.com Wouldn't mind knowing that myself. All the Tomcat installations I'm responsible for a

Re: Does Tomcat need a non-ssl connector?

2016-02-12 Thread msh
On Thu, Feb 11, 2016 at 02:33:06PM -0500, m...@kimwana.com wrote: > On Thu, Feb 11, 2016 at 07:19:10PM +, Mark Thomas wrote: > > On 11/02/2016 19:17, m...@kimwana.com wrote: > > > If I want to run Tomcat using ssl only do I still need to set up a > > > non-ssl conn

Re: Does Tomcat need a non-ssl connector?

2016-02-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Msh, On 2/11/16 2:33 PM, m...@kimwana.com wrote: > On Thu, Feb 11, 2016 at 07:19:10PM +, Mark Thomas wrote: >> On 11/02/2016 19:17, m...@kimwana.com wrote: >>> If I want to run Tomcat using ssl only do I still need to se

Re: Does Tomcat need a non-ssl connector?

2016-02-11 Thread msh
On Thu, Feb 11, 2016 at 07:19:10PM +, Mark Thomas wrote: > On 11/02/2016 19:17, m...@kimwana.com wrote: > > If I want to run Tomcat using ssl only do I still need to set up a non-ssl > > connector and redirect the port? > > That depends if you want Tomcat to respond at a

Re: Does Tomcat need a non-ssl connector?

2016-02-11 Thread Mark Thomas
On 11/02/2016 19:17, m...@kimwana.com wrote: > If I want to run Tomcat using ssl only do I still need to set up a non-ssl > connector and redirect the port? That depends if you want Tomcat to respond at all if a user tries to use a non-TLS connection.

Does Tomcat need a non-ssl connector?

2016-02-11 Thread msh
If I want to run Tomcat using ssl only do I still need to set up a non-ssl connector and redirect the port?

Re: Using different SSL-connector settings for various Context

2014-02-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Арсений, On 2/4/14, 6:32 AM, Арсений Зинченко wrote: > Hi. > > Task is - have ability to use HTTP/HTTPS without clientAuth for > ROOT, but enable two-factor auth (clientAuth="true" and using > trustedstore.jks) for other Context. > > Can somebody

Re: Using different SSL-connector settings for various Context

2014-02-04 Thread André Warnier
Арсений Зинченко wrote: ... I tried google it - but nothing... Can you please give link to something about it? I believe that this is all part of the Servlet Specification, which Tomcat only implements. So the Tomcat docs will not repeat everything. Look here for some pointers : http://

Re: Using different SSL-connector settings for various Context

2014-02-04 Thread Арсений Зинченко
> Please don't top post here. Respond below the text to which you are responding. It's easier to read that way. See below. Sorry - it's Google formatting if press "Answer". > That should be solvable just by the of each Context. I tried google it - but nothing... Can you please give link to som

Re: Using different SSL-connector settings for various Context

2014-02-04 Thread André Warnier
Hi. Please don't top post here. Respond below the text to which you are responding. It's easier to read that way. See below. 2014-02-04 André Warnier : Арсений Зинченко wrote: Hi. Task is - have ability to use HTTP/HTTPS without clientAuth for ROOT, but enable two-factor auth (clientAuth=

Re: Using different SSL-connector settings for various Context

2014-02-04 Thread Арсений Зинченко
Yes, this is exactly what I'm want and I see this manual to. But - how to specify different clientAuth= for different Context's ? I found "SSL Authenticator Valve" - but there is nothing about how to do it... And I d

Re: Using different SSL-connector settings for various Context

2014-02-04 Thread André Warnier
Арсений Зинченко wrote: Hi. Task is - have ability to use HTTP/HTTPS without clientAuth for ROOT, but enable two-factor auth (clientAuth="true" and using trustedstore.jks) for other Context. Can somebody please any tips? I don't know much about SSL, but isn't the answer right here ? http://

Using different SSL-connector settings for various Context

2014-02-04 Thread Арсений Зинченко
Hi. Task is - have ability to use HTTP/HTTPS without clientAuth for ROOT, but enable two-factor auth (clientAuth="true" and using trustedstore.jks) for other Context. Can somebody please any tips?

RE: Better SSL connector setup

2013-04-11 Thread Esmond Pitt
Apr 2013 13:48:25 - Issue 11342 Topics (messages 241110 through 241119) Re: Better SSL connector setup 241110 by: Mark Eggers Re: Resource management in new Tomcat JDBC connection pool. 24 by: Igor Urisman Re: Tomcat access log reveals hack attempt: "HEAD /manager/html

Re: Better SSL connector setup

2013-04-10 Thread Mark Eggers
: Tomcat Users List Subject: Re: Better SSL connector setup -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 4/9/13 11:54 AM, André Warnier wrote: Harris, Jeffrey E. wrote: Chris, -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday

Re: Better SSL connector setup

2013-04-10 Thread Christopher Schultz
gt;>> -Original Message- From: Christopher Schultz >>>>> [mailto:ch...@christopherschultz.net] Sent: Tuesday, April >>>>> 09, 2013 10:01 AM To: Tomcat Users List Subject: Re: Better >>>>> SSL connector setup >>>>> >>>&

RE: Better SSL connector setup

2013-04-10 Thread Harris, Jeffrey E.
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, April 10, 2013 12:09 PM > To: Tomcat Users List > Subject: Re: Better SSL connector setup > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > >

Re: Better SSL connector setup

2013-04-10 Thread Christopher Schultz
gt;>> 2013 10:01 AM To: Tomcat Users List Subject: Re: Better SSL >>> connector setup >>> >> >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >>> >>> Jeffrey, >>> >>> On 4/9/13 8:17 AM, Harris, Jeffrey E. wrote: &

Re: Better SSL connector setup

2013-04-09 Thread André Warnier
Harris, Jeffrey E. wrote: Chris, -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, April 09, 2013 10:01 AM To: Tomcat Users List Subject: Re: Better SSL connector setup -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/9

RE: Better SSL connector setup

2013-04-09 Thread Harris, Jeffrey E.
Chris, > -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Tuesday, April 09, 2013 10:01 AM > To: Tomcat Users List > Subject: Re: Better SSL connector setup > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > >

Re: Better SSL connector setup

2013-04-09 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/9/13 8:17 AM, Harris, Jeffrey E. wrote: > > >> -Original Message- From: André Warnier >> [mailto:a...@ice-sa.com] Sent: Tuesday, April 09, 2013 6:04 AM To: >> Tomcat Users List Subject: Re: Be

RE: Better SSL connector setup

2013-04-09 Thread Harris, Jeffrey E.
> -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Tuesday, April 09, 2013 6:04 AM > To: Tomcat Users List > Subject: Re: Better SSL connector setup > > Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash:

Re: Better SSL connector setup

2013-04-09 Thread André Warnier
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 4/8/13 8:25 PM, Martin Gainty wrote: Identification of keys and supported ciphers are an important for Key Exchange But before that happens the certificates attributes are the only means the CA-Authority can v

Re: Better SSL connector setup

2013-04-08 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 4/8/13 8:25 PM, Martin Gainty wrote: > Identification of keys and supported ciphers are an important for > Key Exchange But before that happens the certificates attributes are > the only means the CA-Authority can verify the name in th

RE: Better SSL connector setup

2013-04-08 Thread Martin Gainty
s@tomcat.apache.org > Subject: Re: Better SSL connector setup > > Some notes from October 2011 referenced below: > > On 4/7/2013 8:47 AM, Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > Kevin, > > > >

Re: Better SSL connector setup

2013-04-07 Thread Mark Eggers
Some notes from October 2011 referenced below: On 4/7/2013 8:47 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kevin, On 4/6/13 10:10 PM, Kevin Jenkins wrote: I have a server that has two hosts: First: http://masterserver2.raknet.com/ Second (using alias) http

Re: Better SSL connector setup

2013-04-07 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kevin, On 4/6/13 10:10 PM, Kevin Jenkins wrote: > I have a server that has two hosts: First: > http://masterserver2.raknet.com/ > > Second (using alias) https://lobby3.raknet.com > > https://milestone.lo

RE: Better SSL connector setup

2013-04-06 Thread Harris, Jeffrey E.
> -Original Message- > From: Kevin Jenkins [mailto:rak...@jenkinssoftware.com] > Sent: Saturday, April 06, 2013 10:10 PM > To: Tomcat Users List > Subject: Better SSL connector setup > > I have a server that has two hosts: > First: > http://masterserver2.ra

Better SSL connector setup

2013-04-06 Thread Kevin Jenkins
I have a server that has two hosts: First: http://masterserver2.raknet.com/ Second (using alias) https://lobby3.raknet.com https://milestone.lobby3.raknet.com:444/ I would like have access be on these specific URLS. Right now you can use untrusted URLs,

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-03-04 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tim, On 3/3/13 4:18 PM, Tim Whittington wrote: > On Tue, Feb 19, 2013 at 10:59 AM, Giuseppe Sacco > wrote: [...] > >> I listed all providers here: >> http://centrum.lixper.it/~giuseppe/ipad-tomcat-list-ciphers-no-bouncycastle.html >> >> as you

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-03-03 Thread Tim Whittington
On Tue, Feb 19, 2013 at 10:59 AM, Giuseppe Sacco wrote: [...] > I listed all providers here: > http://centrum.lixper.it/~giuseppe/ipad-tomcat-list-ciphers-no-bouncycastle.html > as you may see, a few of them are TLS_RSA and TLS_DHE: > * TLS_RSA_WITH_AES_128_CBC_SHA > * TLS_RSA_WITH_AE

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-18 Thread Rainer Jung
On 18.02.2013 22:59, Giuseppe Sacco wrote: > A side note: is it possible to put tomcat behind a web server and make > the latter encrypt in SSL? This would imply that communication between > the web server and tomcat would be in clear, but how do I create the > connector proxy* information? I may

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-18 Thread Giuseppe Sacco
Hi Martin, On Fri, 15/02/2013 at 18.29 -0500, Martin Gainty wrote: > someone put cipherSuites patch on TC 7 Connector.. > > *IF you are implementing TC7 Connector with cipherSuites attribute support > and have not specified cipherSuites supported by your ppk keys* > then yes its t

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-18 Thread Giuseppe Sacco
Hi Cris, On Fri, 15/02/2013 at 12.36 -0500, Christopher Schultz wrote: [...] > > Allow legacy hello messages: true [snip] http-192.168.1.55-8443-1, > > READ: SSLv3 Handshake, length = 75 *** ClientHello, SSLv3 > > RandomCookie: GMT: 1360933724 bytes = { 203, 86, 168, 88, 75, 77, >

RE: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-15 Thread Martin Gainty
> Subject: Re: Tomcat does not accept connections from Safari on iPad vs an SSL > connector with JSSE ciphers > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Giuseppe, > > On 2/15/13 9:07 AM, Giuseppe Sacco wrote: > > Debugging the SSL handshake, I

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Giuseppe, On 2/15/13 9:07 AM, Giuseppe Sacco wrote: > Debugging the SSL handshake, I found that the problem is really > about ciphers because the handshake fails with exception > javax.net.ssl.SSLHandshakeException: no cipher suites in common > >

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-15 Thread Giuseppe Sacco
Debugging the SSL handshake, I found that the problem is really about ciphers because the handshake fails with exception javax.net.ssl.SSLHandshakeException: no cipher suites in common So, this is really something to be investigated in JSSE instead of tomcat. I am sorry for noise in this list :-(

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-15 Thread Giuseppe Sacco
On Fri, 15/02/2013 at 09.39 +0100, Giuseppe Sacco wrote: > [...] > > > > > maxThreads="150" scheme="https" secure="true" clientAuth="false" > > > sslProtocol="TLS" proxyName="www.my-visible-name.tld" > > > proxyPort="8443" address="192.168.1.55" /> > > > > It's traditional to spe

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-15 Thread Giuseppe Sacco
On Thu, 14/02/2013 at 11.38 -0500, Christopher Schultz wrote: [...] > > Tomcat version is the one shipped with Debian, and uses jdk > > 1.6.0_u39 with jce unrestricted policy. I also added bouncy castle > > jar in $JAVA_HOME/jre/lib/ext and added its provider in > > $JAVA_HOME/jre/li

RE: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-14 Thread Esmond Pitt
: Thursday, 14 February 2013 8:48 AM To: users@tomcat.apache.org Subject: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers Hi all, I have an application deployed on tomcat 6.0.35 and linux/amd64 with a JSSE https connector. When I try to connect to this site

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-14 Thread Howard W. Smith, Jr.
On Thu, Feb 14, 2013 at 11:38 AM, Christopher Schultz wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Giuseppe, > > On 2/13/13 4:47 PM, Giuseppe Sacco wrote: > > > > iPad does try a few times, changing the version number, but it > > fails every time and eventually stop. > > > > Wh

Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-14 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Giuseppe, On 2/13/13 4:47 PM, Giuseppe Sacco wrote: > I have an application deployed on tomcat 6.0.35 and linux/amd64 > with a JSSE https connector. When I try to connect to this site > with default iPad browser, I always get an error message about

Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers

2013-02-13 Thread Giuseppe Sacco
Hi all, I have an application deployed on tomcat 6.0.35 and linux/amd64 with a JSSE https connector. When I try to connect to this site with default iPad browser, I always get an error message about the connection cannot be established. Tomcat version is the one shipped with Debian, and uses jdk 1

Re: Secure attribute of Catalina SSL Connector(APR)

2012-04-01 Thread Pid
On 01/04/2012 07:37, Teppei Yamada wrote: > Hi, > > > I don't want every session cookies to be secure cookies, so I > intentionally set secure attribute "false" in server.xml's SSL connector > tag. May I ask why? > (Actually tomcat native is compiled

Secure attribute of Catalina SSL Connector(APR)

2012-03-31 Thread Teppei Yamada
Hi, I don't want every session cookies to be secure cookies, so I intentionally set secure attribute "false" in server.xml's SSL connector tag. (Actually tomcat native is compiled with OpenSSL and LD_LIBRARY_PATH is set, so the SSL connector is using APR in my case.) But eve

Re: [OT] migrating Tomcat 5.5 SSL Connector to 7.0

2012-02-13 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 2/13/12 4:45 PM, Mark Lim wrote: > Thanks for offering, but we're already in certification. When > recertification comes up we'll certainly consider consolidating > security modules. Okay. Well, if you're willing to put our code into testi

Re: [OT] migrating Tomcat 5.5 SSL Connector to 7.0

2012-02-13 Thread Mark Lim
Thanks for offering, but we're already in certification. When recertification comes up we'll certainly consider consolidating security modules. On 2/13/12 1:33 PM, "Christopher Schultz" wrote: >* PGP Signed by an unknown key > >Mark, > >On 1/6/12 7:05 PM, Mark Lim wrote: >> We are in the proces

Re: [OT] migrating Tomcat 5.5 SSL Connector to 7.0

2012-02-13 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 1/6/12 7:05 PM, Mark Lim wrote: > We are in the process of upgrading Tomcat 5.5 to Tomcat 7.0. > These Tomcat deployments use a custom FIPS 140-2 certified JSSE > implementation for their SSL Connectors. In case you are interested, Tomcats

Re: migrating Tomcat 5.5 SSL Connector to 7.0

2012-02-13 Thread Mark Lim
There's been one request for follow up so I'll post our current findings. This is what we've identified that we need to do to get Tomcat running after moving from 5.5 to 7.0. At this point web application porting can commence. 1. We used several Tomcat classes (e.g. EndPoint, ServerSocketFactory)

Re: migrating Tomcat 5.5 SSL Connector to 7.0

2012-01-06 Thread markt
Mark Lim wrote: >It seems that tomcat is trying the default JSSE implementation despite >the sslImplementationName attribute being set. Are there internal >precedence controls or does the classloader hierarchy matter or what? No, but what makes you assume what you are trying will work? You hav

migrating Tomcat 5.5 SSL Connector to 7.0

2012-01-06 Thread Mark Lim
We are in the process of upgrading Tomcat 5.5 to Tomcat 7.0. These Tomcat deployments use a custom FIPS 140-2 certified JSSE implementation for their SSL Connectors. In Tomcat 5.5, the Connectors are configured like this: which works fine. ( a listener appears on 41443 and one can do H

Re: Installing SSL connector for Tomcat on Linux/Debian

2009-12-04 Thread skim-gap
e the certificates were generated with OpenSSL on a Windows Platform. > > In addition, I included the following lines at the beginning of setclass > file > > CATALINA_OPTS="$CATALINA_OPTS > -Djava.library.path=/home/daniele/tomcat-6.0.2

Re: Installing SSL connector for Tomcat on Linux/Debian

2009-12-04 Thread Christopher Schultz
ce/Connector} Setting property > 'clientAuth' to 'false' did not find a matching property. "clientAuth" is not a valid attribute for the APR SSL connector (though it /is/ valid for the non-APR connector). See http://tomcat.apache.org/tomcat-6.0-doc/config/ht

Re: Installing SSL connector for Tomcat on Linux/Debian

2009-12-04 Thread skim-gap
I'm converting from redhat supported version of tomcat6 to open source tomcat6. SSL connector works fine when i use the redhat's version of the jar files... see diff of the lib dir between redhat's tomcat vs open source tomcat below: [r...@localhost srv]# diff redhat-tomcat/lib opensrc-to

Installing SSL connector for Tomcat on Linux/Debian

2009-08-18 Thread Daniele Development-ML
Hello everybody, I'm trying to set up an SSL transport layer, but I'm coming up against some difficulties. Specifically, I followed all the steps required and specified as in the Tomcat guide - adding some suggestions I found around on several web sites for the installation of APR libraries - but s

Re: ssl connector

2009-02-16 Thread Christopher Schultz
Ryan, On 2/13/2009 12:09 AM, epicwin...@hotmail.com wrote: > The application I > am developing uses tomcat on the back end and a swing client on the > front with the Spring HttpInvoker. > > So first I got it working without apr. After I set up the c

RE: ssl connector

2009-02-12 Thread epicwin...@hotmail.com
> To: users@tomcat.apache.org > Date: Thu, 12 Feb 2009 21:47:45 -0600 > Subject: RE: ssl connector > > > From: epicwin...@hotmail.com [mailto:epicwin...@hotmail.com] > > Subject: RE: ssl connector > > > > So I don't understand the docs where they suggest >

RE: ssl connector

2009-02-12 Thread Caldarale, Charles R
> From: epicwin...@hotmail.com [mailto:epicwin...@hotmail.com] > Subject: RE: ssl connector > > So I don't understand the docs where they suggest > defining connectors with apr and without. APR is an additional, non-Java Tomcat component that utilizes code from http

RE: ssl connector

2009-02-12 Thread epicwin...@hotmail.com
Thanks. So I don't understand the docs where they suggest defining connectors with apr and without. They show examples of 3 different connectors: org.apache.coyote.http11.Http11Protocol, org.apache.coyote.http11.Http11NioProtocol and org.apache.coyote.http11.Http11AprProtocol. Do I need to d

Re: Tomcat 6 HTTP / HTTP SSL Connector Port - Configuration Verification

2008-09-19 Thread Steve Ochani
On 18 Sep 2008 at 14:29, Gauss wrote: > Greetings, > > > > I am using Apache Tomcat 6.0 on Windows Server 2003. I'm not > serving any > pure HTML pages - all pages are JSPs, so I plan to use Tomcat in a > standalone mode. > > > > I want to use port 80 for HTTP and port 443 for HTTPS/SSL
