-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Tim,
On 11/20/18 11:42, Tim K wrote: >> >> Ignore the secure port. The code behind that setting was never >> implemented. We really should remove it. >> >> You want: >> >> http://tomcat.apache.org/tomcat-9.0-doc/config/cluster-interceptor.ht ml#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attr ibutes >> >> >> Mark > > > I'm having some trouble getting it working. Can you provide an > example of the new EncryptInterceptor with an algorithm and key? Each node in the cluster needs an interceptor configured, like this: <Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptIntercep tor" encryptionKey="[the key]" /> All nodes need the same key. The default algorithm (AES/CBC/PKCS12Padding) is sufficient. To generate a key, just get some random garbage and convert it into hex, like this: $ dd if=/dev/urandom bs=128 count=1 2>/dev/null | md5 That'll give you a 128-bit key you can use for encryption. You can also use a 256-bit key if you'd like, or a 192-bit key. For keys larger than 128 bite (32 bytes), you'll need to use a different signature algorithm such as sha1 or later. I just chose MD5 because it generates the right number of output characters for a 128-bit key. You can get your random key from anywhere, including pounding on the keyboard. Remember that the key must be in hex-encoded binary (so only characters 0-9 and a-f). - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlv0Qg0ACgkQHPApP6U8 pFhEMg//fqPv9UfiJ0H1XYSEhca0+XANYY11wdJCrUzjFZrBKweZtsPwBm6VErw1 65xx/SiBBtcbp317VoBNjrrMtgCWVxNuz9FG6YKqXuWu2PeFSlB9C8vHfsMEce2B 1Jk8TixIdw7zWx4IHVgQsPIKvszQ9YsjMeMa2wTK8Us1AB3HEkwHYiV84UckdQmH 3oac1rGS+4YxAvpYSe7WF4rRAusKkKLC/1hgbiF+pEPPoax2g8sDW/Upk2ijEWIe 5B5qrpH9fJIeuQjsR0xlZWEuyQ3KQpdu9j6DyhJnjAqBFLyyg6TiD3uD3M3ZO3es xgwlLd8C0BDS8ZzpvPOyN3IyygEwVas1+v8YHhqJF8VedGfZVkBplGKuNm7Yoqrg 1OxGGKCN06cVG+TbH3JzLfuhoYMNN92soqZH+Nm9BUf9G3A5Ll2oTDDYO1peyhHw kw3FigfUueNPM/sjb42wJp2QvSm9jpRDr8S/Vrv8SxpKmmwgGM/VDNlDcbccRQ5s FtY3inV9KNH7n2+V69yY8at50HKn4pTLvBRFncZ5pLoOE5DfhVt9PZeefMKzAQQd LGUJa7Fl+5wovL++Sclaf/MYBJ9BNSg1gpw+P33ga/c63G0JR9lzM9e8xYELJ6Mu 44GJAgwGzAOq2/TSimmVEffERRxXRTErRORMgG5Qo8KFDsfoDvo= =J0P5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
