On 15/11/2015 00:29, Ognjen Blagojevic wrote: > Mark, > > On 13.11.2015 1:12, Mark Thomas wrote: >> The proposed Apache Tomcat 9.0.0.M1 release is now available for voting. > >> The proposed 9.0.0.M1 release is: >> [ ] Broken - do not release >> [X] Alpha - go ahead and release as 9.0.0.M1 > > Tested .zip distribution on Windows 7 64-bit, Oracle JDK 1.8.0_60 and > APR/native 1.2.2: > > - Tested TLS connectivity for NIO and APR connectors: > > * Thanks to Java 8 parameter (-Djdk.tls.ephemeralDHKeySize=2048) with > NIO and Native 1.2.2 with APR, I was able to configure DH key size >= > 2048. SSLTest is happy. > > * SSLTest also reports that APR/native does not serve full certificate > chain; instead, it serves only server certificate. The same APR config > serves full chain with Tomcat 8.0.28 + Native 1.2.2, so it seems to be a > regression. Not serving full chain might be a problem for some clients > -- browsers will probably work, but other clients may fail to establish > TLS connection.
Hmm. I'm sure this was working at one point. I'll retest it. > - Tested with several webapps that are in active development. Small > nuisances: > > * It seems that it is not possible anymore to use attribute "digest" > in realms. It would be nice if that is mentioned in release > announcement. I guess quite a number of people uses Realms with digest, > and they will need to adjust the config before switching to 9.0.0. digest is marked as deprecated in the Tomcat 8 docs. We can add that to the migration guide. > * Tomcat 9 uses DBCP2, so attribute names for connection pool are > different now (e.g. maxActive -> maxTotal). It would be nice to also add > that to the announcement. Tomcat 8 also uses DBCP 2 so there is no change here. This is covered in the 7.0.x to 8.0.x migration guide. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
