$cipher -connect $SERVER
Am I misunderstanding the use of the ciphers parameter? Or is there
perhaps something in my testing methodology that accounts for these
unexpected results? Any advice would be appreciated.
Aloha,
-baron
--
Baron Fujimoto ba...@hawaii.edu :: UH Information Technology
On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko wrote:
2013/1/9 Baron Fujimoto ba...@hawaii.edu:
I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35.
My understanding is that the attack applies only to CBC ciphers, and that
RC4 ciphers are not vulnerable, so I
are still logged in if
they revisit any of the Google Apps.
Any suggestions or pointers on how to get this working again would
be most appreciated.
Aloha,
-baron
--
Baron Fujimoto ba...@hawaii.edu :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus
On Fri, Mar 20, 2015 at 05:46:42PM -0400, Christopher Schultz wrote:
On 3/20/15 4:27 PM, Baron Fujimoto wrote:
I hope someone may be able to provide some insight or a solution to
a problem we encountered after I upgraded from Tomcat 6 to 8. We're
using Tomcat as the servlet container for our
On Fri, Dec 11, 2015 at 09:25:12PM +, Mark Thomas wrote:
>On 11/12/2015 21:10, Baron Fujimoto wrote:
>> After upgrading Tomcat from 8.0.24 to 8.0.30, one of our applications
>> (Internet2's Grouper) "broke" with CSRF errors. Research turned up the
>> fol
ly
configured it with which URLs need protection, etc., it seems redundant
for the container to do it. And actually, since it has now apparently
broken the app, I would like to turn off Tomcat's version.
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minu
On Mon, Dec 14, 2015 at 09:12:20PM +, Mark Thomas wrote:
>On 14/12/2015 20:49, Baron Fujimoto wrote:
>> On Fri, Dec 11, 2015 at 05:02:43PM -1000, Baron Fujimoto wrote:
>>> On Sat, Dec 12, 2015 at 12:16:01AM +, Mark Thomas wrote:
>
>
>
>>> I've confirmed
On Sat, Dec 12, 2015 at 12:16:01AM +, Mark Thomas wrote:
>On 12/12/2015 00:01, Baron Fujimoto wrote:
>>
>> On Fri, Dec 11, 2015 at 09:25:12PM +, Mark Thomas wrote:
>>> On 11/12/2015 21:10, Baron Fujimoto wrote:
>>>> After upgrading Tomcat from 8.0.2
On Tue, Dec 15, 2015 at 09:37:45AM +0200, Violeta Georgieva wrote:
>Hello,
>
>2015-12-15 4:35 GMT+02:00 Baron Fujimoto <ba...@hawaii.edu>:
>>
>> On Mon, Dec 14, 2015 at 09:12:20PM +, Mark Thomas wrote:
>> >On 14/12/2015 20:49, Baron Fujimoto wrote:
>
On Fri, Dec 11, 2015 at 05:02:43PM -1000, Baron Fujimoto wrote:
>On Sat, Dec 12, 2015 at 12:16:01AM +, Mark Thomas wrote:
>>On 12/12/2015 00:01, Baron Fujimoto wrote:
>>>
>>> On Fri, Dec 11, 2015 at 09:25:12PM +, Mark Thomas wrote:
>>>> On
to reference it yet, but it appears to be available in the
distribution archive(s). E.g.:
<http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.47/bin/>
Is this 8.0.47 blessed for use?
Aloha,
-baron
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technol
-use-secure-cipher-suites>
[3]
<https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-SUITE-NAMES>
[4]
<https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig>
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
min
/18 03:35, Baron Fujimoto wrote:
>> Yes, the host is behind an F5 load balancer, but AFAIK it should be passing
>> all the TLS/SSL directly to the real host to handle.
>
>You don't say which Tomcat version is being used. I assume one of the
>8.5.x versions since the 8.5.x docs
TH_AES_256_CBC_SHA384,
>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
>TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
>TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
>TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
>TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
> >
>
>
>On
On Thu, Apr 26, 2018 at 10:15:03AM +0100, Mark Thomas wrote:
>On 26/04/18 02:37, Baron Fujimoto wrote:
>> We're working on upgrading from 8.0.x to 8.5.x in preparation for 8.0's
>> impending EOL.
>> Our initial 8.5 deployment which essentially uses our legacy server.xml SS
be handled by the nested
SSLHostConfig and Certificate elements; is this the case? I've been running
into snags trying to convert our legacy config. Is there a migration guide I
may have missed?
--
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, m
the vast majority of these mime-types? I.e., is it recommended to edit it down
to just those that the application is likely to use? It seems like it would be
less unwieldy if I did this, but I just want to make sure there's no compelling
downside to it.
--
Baron Fujimoto :: UH Information Technology
We're running Tomcat 8.5, currently configured with the following OpenSSL
cipher strings in our SSLHostConfig:
ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK"
However, SSLLabs' server test reports that the following available ciphers are
weak:
On Wed, Nov 18, 2020 at 04:45:05PM +, Mark Thomas wrote:
On 18/11/2020 03:07, Baron Fujimoto wrote:
On Mon, Nov 16, 2020 at 09:47:03AM +, Mark Thomas wrote:
Have you tried adding ":-AES:+AESGCM" to the cipher string you are
already using?
I hadn't (did I miss where
On Mon, Nov 16, 2020 at 09:47:03AM +, Mark Thomas wrote:
On 14/11/2020 00:41, Baron Fujimoto wrote:
We're running Tomcat 8.5, currently configured with the following
OpenSSL cipher strings in our SSLHostConfig:
ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK"
, but
not localhost. Presumably I have a misconception about how this is supposed
to work or some other basic error?
--
Baron Fujimoto ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
Doh! Well, that was a dumb mistake. Mahalo for pointing out the obvious.
On Sat, Sep 23, 2023 at 9:06 PM Konstantin Kolinko
wrote:
> Fri, 22 Sep 2023 at 21:59, Baron Fujimoto :
> >
> >[...]
> >
> > I have the following defined in
ch...@christopherschultz.net> wrote:
> Baron,
>
> On 4/9/24 16:33, Baron Fujimoto wrote:
> > I'm investigating occasional 503 errors for our CAS service running in a
> > Tomcat 10.1.x container. The 503s appear to correlate with some traffic
> > spikes at the same time.
>
> On 16/04/2024 01:06, Baron Fujimoto wrote:
> > From our perspective, it needn't be super timely. It would be more for
> > forensic confirmation that there's something we should consider. I think
> a
> > hysteresis behavior would be compatible with this.
> >
>
From our perspective, it needn't be super timely. It would be more for
forensic confirmation that there's something we should consider. I think a
hysteresis behavior would be compatible with this.
On Mon, Apr 15, 2024 at 12:00 AM Mark Thomas wrote:
> On 11/04/2024 21:28, Baron Fujimoto
are reached? I'm basically trying to see if there is a good way to
more definitively determine what may have caused the 503s and what may be
feasible to mitigate them.
--
Baron Fujimoto ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum