We are using TOMCAT 9.0.40 on Linux, and are trying to set up
Strict-Transport-Security per a requirement from our security team.
We followed this note:
https://knowledge.broadcom.com/external/article/226769/enable-http-strict-transport-security-hs.html
Changed $CATALINA_HOME/conf/web.xml
With:
On 31/08/2022 15:36, Yanhua Wusands wrote:
> We are using TOMCAT 9.0.40 on Linux, and are trying to set up
> Strict-Transport-Security per a requirement from our security team.
> We followed this note:
> https://knowledge.broadcom.com/external/article/226769/enable-http-strict-transport-security-hs.html
> Cha
-----Original Message-----
From: Mark Thomas
Sent: Wednesday, August 31, 2022 11:03 AM
To: users@tomcat.apache.org
Subject: [EXTERNAL] Re: How to setup Strict-Transport-Security in TOMCAT
On 31/08/2022 15:36, Yanhua Wusands wrote:
> We are using TOMC
You don't have any TLS connectors configured so the HSTS filter isn't
going to do anything.
Given you access the server via port 443 but Tomcat is only listening on
port 8080 you must have a reverse proxy configured somewhere that is
likely terminating the TLS.
You need to configure HSTS whe
You are right, Tomcat is sitting behind an AWS LB, where SSL is enabled; once it
is past that, Tomcat is set up to listen on 8080.
If I understand you correctly, we will need to set up SSL in TOMCAT as well in
order to have HSTS working, is that right?
-----Original Message-----
From: Mark Thomas
Sen
On 31/08/2022 17:39, Yanhua Wusands wrote:
> You are right, Tomcat is sitting behind an AWS LB, where SSL is enabled; once it
> is past that, Tomcat is set up to listen on 8080.
> If I understand you correctly, we will need to set up SSL in TOMCAT as well in
> order to have HSTS working, is that right?
No.
> Is it true that all traffic seen by Tomcat must have been sent over TLS
> between the user agent and AWS LB?
Yes, that is true, at least it is my understanding...
-----Original Message-----
From: Mark Thomas
Sent: Wednesday, August 31, 2022 12:57 PM
To: users@tomcat.apache.org
Subject: Re: [