Re: Tomcat SSL - Issue

2021-09-21 Thread Niranjan Babu Bommu 
Another way you get supported is TLS and the cipher suite.

nmap -sV --script ssl-enum-ciphers -p  
















nmap -sV --script ssl-enum-ciphers -p  



On Tue, Sep 21, 2021 at 5:25 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Priyanka,
>
> On 9/21/21 13:52, Kumawat, Priyanka wrote:
> > Hello Team ,
> >
> > Please find the error details as below -
> >
> > The site can’t provide a secure connection .
> >
> > xmotam01.phl.com uses an unsupported protocol
> >
> > ERR_SSL_VERSION or CIPHER MISMATCH
> >
> > Unsupported protocol – The client and server don;t support a common
> > protocol version.
>
> Many versions of Java 1.7 do not support TLSv1.2. Try running this tool
> under your Java 1.7 environment for some good information:
>
> https://github.com/ChristopherSchultz/ssltest
>
> -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

-- 
*Thanks*
*Niranjan*

Re: Tomcat 9.0 async read becomes blocking

2021-09-21 Thread Javateck 
Hi Chris,

Servlet 3.1 spec defines that ServletInputStream can be used to read as 
non-blocking way as long as there is data ready locally by calling isReady 
method and check the ready condition before calling read, and read should throw 
IllegalStateException if called by caller when data is not ready

Agree that InputStream read api is blocking by nature, but if the data is 
already there in local buffer, then it’s not, it’s just exposing as 
ServletInputStream

https://javaee.github.io/servlet-spec/downloads/servlet-3.1/Final/servlet-3_1-final.pdf




> On Sep 21, 2021, at 2:26 PM, Christopher Schultz 
>  wrote:
> 
> Andrew,
> 
>> On 9/21/21 13:54, Javateck wrote:
>> Hi,
>> With NIO connector with Servlet 3.1 support, I’m registering with a 
>> ReadListener, while it got the first read signal from tomcat container (I 
>> tried 9.0.19 and 9.0.53), the read call is blocked after isReady returns true
>>   if (ServletInputStream.isReady()) {
>>ServletInputStream.read(buffer);  // this becomes blocking
>>   }
>> I tried with jetty, it’s working fine
>> When I did the test, I was holding the sending packet from client side
>> Not sure whether anyone has tried this
> 
> InputStream is always blocking.
> 
> Are you trying to use async? That's not the way to use async...
> 
> -chris
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Tomcat 9.0 async read becomes blocking

2021-09-21 Thread Christopher Schultz 

Andrew,

On 9/21/21 13:54, Javateck wrote:

Hi,

With NIO connector with Servlet 3.1 support, I’m registering with a 
ReadListener, while it got the first read signal from tomcat container (I tried 
9.0.19 and 9.0.53), the read call is blocked after isReady returns true

   if (ServletInputStream.isReady()) {
ServletInputStream.read(buffer);  // this becomes blocking
   }

I tried with jetty, it’s working fine

When I did the test, I was holding the sending packet from client side

Not sure whether anyone has tried this


InputStream is always blocking.

Are you trying to use async? That's not the way to use async...

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JASPIC AuthConfigProvider packaged with the web application not found

2021-09-21 Thread Bernd Schatz 

Hi,


Am 19.09.21 um 19:48 schrieb Keil, Matthias (ORISA Software GmbH):

Hello everyone and thanks for the hints.
They also work as expected and I can package the provider in the web 
application .

Nevertheless, the Configuration Reference 
(https://tomcat.apache.org/tomcat-9.0-doc/config/jaspic.html) suggests that you 
define your own provider in jaspic-providers.xml and Tomcat will then find it.
I am really only interested in a separate server auth module (SAM). Since I saw 
no way in the documentation to pack this into the web application. That's why I 
tried the way through the provider.



You want to define the class in the  jaspic-providers.xml but package 
the provider implementation(s) in the application(s) ?




As I said, your suggestions work, but there are also a number of additional 
classes needed to provide the actual SAM.
Thank you again


If you dont need the whole flexibility of JASPI you can also do 
something like this:



public class MyAuthProvider implements AuthConfigProvider, 
ServerAuthConfig, ServerAuthModule, ServerAuthContext



--
Greets
  Bernd









-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat SSL - Issue

2021-09-21 Thread Christopher Schultz 

Priyanka,

On 9/21/21 13:52, Kumawat, Priyanka wrote:

Hello Team ,

Please find the error details as below -

The site can’t provide a secure connection .

xmotam01.phl.com uses an unsupported protocol

ERR_SSL_VERSION or CIPHER MISMATCH

Unsupported protocol – The client and server don;t support a common 
protocol version.


Many versions of Java 1.7 do not support TLSv1.2. Try running this tool 
under your Java 1.7 environment for some good information:


https://github.com/ChristopherSchultz/ssltest

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Max outbound requests setting in Tomcat 9.X

2021-09-21 Thread John.E.Gregg 
Chandra,


> -Original Message-
> From: Gullapalli, Chandra Mouli 
> Sent: Tuesday, September 21, 2021 3:32 PM
> To: users@tomcat.apache.org
> Subject: Max outbound requests setting in Tomcat 9.X
> 
> Hi,
> 
> I know that we can set restrictions on the number of incoming requests to a
> Tomcat server. However if tomcat has to make an outbound http it has only
> max limit of 2 http outbound requests?
> Is there a way to increase the limit of max number of outbound requests
> from a tomcat server to an external url?
> 
> Ubuntu:18.04
> Tomcat: 9.X
> 
> 
> 
> Thank you
> Chandra

Tomcat has nothing to do without outbound connections.

Perhaps you're thinking of Apache HttpClient, which has a default of 2 
connections per route:

https://hc.apache.org/httpcomponents-client-4.5.x/current/tutorial/html/connmgmt.html



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Max outbound requests setting in Tomcat 9.X

2021-09-21 Thread Gullapalli, Chandra Mouli 
Hi,

I know that we can set restrictions on the number of incoming requests to a 
Tomcat server. However if tomcat has to make an outbound http it has only max 
limit of 2 http outbound requests?
Is there a way to increase the limit of max number of outbound requests from a 
tomcat server to an external url?

Ubuntu:18.04
Tomcat: 9.X



Thank you
Chandra

Re: Tomcat 9.0 async read becomes blocking

2021-09-21 Thread Javateck 
It’s happening in chunk encoding

> On Sep 21, 2021, at 10:54 AM, Javateck  wrote:
> 
> Hi,
> 
> With NIO connector with Servlet 3.1 support, I’m registering with a 
> ReadListener, while it got the first read signal from tomcat container (I 
> tried 9.0.19 and 9.0.53), the read call is blocked after isReady returns true
> 
>  if (ServletInputStream.isReady()) {
>   ServletInputStream.read(buffer);  // this becomes blocking
>  }
> 
> I tried with jetty, it’s working fine
> 
> When I did the test, I was holding the sending packet from client side
> 
> Not sure whether anyone has tried this
> 
> Thanks,
> Andrew
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 9.0 async read becomes blocking

2021-09-21 Thread Javateck 
Hi,

With NIO connector with Servlet 3.1 support, I’m registering with a 
ReadListener, while it got the first read signal from tomcat container (I tried 
9.0.19 and 9.0.53), the read call is blocked after isReady returns true

  if (ServletInputStream.isReady()) {
   ServletInputStream.read(buffer);  // this becomes blocking
  }

I tried with jetty, it’s working fine

When I did the test, I was holding the sending packet from client side

Not sure whether anyone has tried this

Thanks,
Andrew


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat SSL - Issue

2021-09-21 Thread Kumawat, Priyanka 
Hello Team ,

Please find the error details as below -

The site can't provide a secure connection .
xmotam01.phl.com uses an unsupported protocol

ERR_SSL_VERSION or CIPHER MISMATCH

Unsupported protocol - The client and server don;t support a common protocol 
version.


Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - 
ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology





From: Kumawat, Priyanka
Sent: 21 September 2021 22:50
To: users@tomcat.apache.org
Subject: RE: Tomcat SSL - Issue

Attaching the screenshot again -

[cid:image001.jpg@01D7AF3F.3BF0B470]


Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - 
ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






From: Kumawat, Priyanka
Sent: 21 September 2021 22:45
To: users@tomcat.apache.org
Subject: Tomcat SSL - Issue

Hi Team ,

We are facing Issue while renewing SSL for the Tomcat/Apache application, the 
SSL was renewed and installed using the key tool . After installation when 
checking the https site it is giving error as given on the below screenshot - 
Could you please help us on this issue , is this related with TLS protocol or 
Cipher issue. The TLS using is TLS1.2 , java version - 1.7

[cid:image004.jpg@01D7AF3F.3BF0B470]

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - 
ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






DXC Technology Company -- This message is transmitted to you by or on behalf of 
DXC Technology Company or one of its affiliates. It is intended exclusively for 
the addressee. The substance of this message, along with any attachments, may 
contain proprietary, confidential or privileged information or information that 
is otherwise legally exempt from disclosure. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended recipient 
of this message, you are not authorized to read, print, retain, copy or 
disseminate any part of this message. If you have received this message in 
error, please destroy and delete all copies and notify the sender by return 
e-mail. Regardless of content, this e-mail shall not operate to bind DXC 
Technology Company or any of its affiliates to any order or other contract 
unless pursuant to explicit written agreement or government initiative 
expressly permitting the use of e-mail for such purpose.

RE: Tomcat SSL - Issue

2021-09-21 Thread Kumawat, Priyanka 
Attaching the screenshot again -

[cid:image002.jpg@01D7AF3A.B6F2FA20]


Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - 
ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






From: Kumawat, Priyanka
Sent: 21 September 2021 22:45
To: users@tomcat.apache.org
Subject: Tomcat SSL - Issue

Hi Team ,

We are facing Issue while renewing SSL for the Tomcat/Apache application, the 
SSL was renewed and installed using the key tool . After installation when 
checking the https site it is giving error as given on the below screenshot - 
Could you please help us on this issue , is this related with TLS protocol or 
Cipher issue. The TLS using is TLS1.2 , java version - 1.7

[cid:image003.jpg@01D7AF3A.B6F2FA20]

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - 
ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






DXC Technology Company -- This message is transmitted to you by or on behalf of 
DXC Technology Company or one of its affiliates. It is intended exclusively for 
the addressee. The substance of this message, along with any attachments, may 
contain proprietary, confidential or privileged information or information that 
is otherwise legally exempt from disclosure. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended recipient 
of this message, you are not authorized to read, print, retain, copy or 
disseminate any part of this message. If you have received this message in 
error, please destroy and delete all copies and notify the sender by return 
e-mail. Regardless of content, this e-mail shall not operate to bind DXC 
Technology Company or any of its affiliates to any order or other contract 
unless pursuant to explicit written agreement or government initiative 
expressly permitting the use of e-mail for such purpose.

Tomcat SSL - Issue

2021-09-21 Thread Kumawat, Priyanka 
Hi Team ,

We are facing Issue while renewing SSL for the Tomcat/Apache application, the 
SSL was renewed and installed using the key tool . After installation when 
checking the https site it is giving error as given on the below screenshot - 
Could you please help us on this issue , is this related with TLS protocol or 
Cipher issue. The TLS using is TLS1.2 , java version - 1.7

[cid:image001.jpg@01D7AF3A.03014DA0]

Thanks & Regards,

Priyanka Kumawat | Middleware Admin
T +91.7879364483
EMail - priyanka.kuma...@dxc.com
DL - 
ams-leveraged-webadmin-offsh...@dxc.com

DXC Technology






DXC Technology Company -- This message is transmitted to you by or on behalf of 
DXC Technology Company or one of its affiliates. It is intended exclusively for 
the addressee. The substance of this message, along with any attachments, may 
contain proprietary, confidential or privileged information or information that 
is otherwise legally exempt from disclosure. Any unauthorized review, use, 
disclosure or distribution is prohibited. If you are not the intended recipient 
of this message, you are not authorized to read, print, retain, copy or 
disseminate any part of this message. If you have received this message in 
error, please destroy and delete all copies and notify the sender by return 
e-mail. Regardless of content, this e-mail shall not operate to bind DXC 
Technology Company or any of its affiliates to any order or other contract 
unless pursuant to explicit written agreement or government initiative 
expressly permitting the use of e-mail for such purpose.

ApacheCon 2021 @Home Kicks off today 13:00 UTC

2021-09-21 Thread Christopher Schultz 

All,

ApacheCon @Home starts today at 13:00 UTC (15 minutes from now, as I 
write this). Please join us for opening keynotes followed by the Apache 
Tomcat presentation track featuring the following topics:


- Apache Tomcat: New and Upcoming
- HTTP/2, HTTP/3, and TLS Start of the Art in our Servers (httpd, ATS, 
Tomcat)

- Enabling FIPS for Tomcat
- Proxying to Tomcat with httpd
- Debugging complex issues in web applications
- Tomcat: From a Cluster to a Cloud
- Apache Tomcat: Enabling Scripting Languages in JSP

Plus join us at the Apache Tomcat BoF ("Birds-of-a-Feather") after the 
sessions end to meet other community members and committers, ask 
questions, etc.


See you there.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org