have to
follow Olaf's suggestion of running it under a debugger if you want
immediate clarity on what's happening.
-chris
-Original Message-
From: Christopher Schultz
Sent: Thursday, April 27, 2023 10:16 AM
To: Tomcat Users List
Subject: Re: OT: hsts in Tomcat 9.0.73
Jon,
On 4/26
iginal Message-
> >> From: Christopher Schultz
> >> Sent: Tuesday, April 25, 2023 4:40 PM
> >> To: users@tomcat.apache.org
> >> Subject: Re: OT: hsts in Tomcat 9.0.73
> >>
> >> Jon,
> >>
> >> On 4/25/23 13:26, jo
the
server level.
It should be the same as what you put into conf/web.xml: just define the
and add /*.
-chris
-Original Message-
From: Christopher Schultz
Sent: Tuesday, April 25, 2023 4:40 PM
To: users@tomcat.apache.org
Subject: Re: OT: hsts in Tomcat 9.0.73
Jon,
On 4/25/23 13:26, j
t; To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Jon,
>
> On 4/25/23 13:26, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > keystoreFile="REMOVED"
> >
> ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_
>
chultz
Sent: Tuesday, April 25, 2023 10:04 AM
To: users@tomcat.apache.org
Subject: Re: OT: hsts in Tomcat 9.0.73
Jon,
On 4/25/23 10:31, jonmcalexan...@wellsfargo.com.INVALID wrote:
It's the Server level web.xml in conf
So it applies to all web applications.
I would recommend that you chan
Olaf,
On 4/22/23 03:13, Olaf Kock wrote:
Am 22.04.23 um 00:48 schrieb jonmcalexan...@wellsfargo.com.INVALID:
Thanks Peter,
I still do not see the hsts header. I'm wondering if this is causing it.
SSL certificate verify result: self signed certificate in certificate
chain (19), continuing
configuration in ROOT/WEB-INF/web.xml and nowhere else.
-chris
-Original Message-
From: Christopher Schultz
Sent: Tuesday, April 25, 2023 10:04 AM
To: users@tomcat.apache.org
Subject: Re: OT: hsts in Tomcat 9.0.73
Jon,
On 4/25/23 10:31, jonmcalexan...@wellsfargo.com.INVALID wrote:
It's
10:04 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Jon,
>
> On 4/25/23 10:31, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > It's the Server level web.xml in conf
>
> So it applies to all web applications.
>
> I would recommend
this message. Thank you for
your cooperation.
> -Original Message-
> From: Christopher Schultz
> Sent: Tuesday, April 25, 2023 10:04 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Jon,
>
> On 4/25/23 10:31, jonmcalexan...@w
application and you are all good.
What does your look like for port 8443?
-chris
-Original Message-
From: Christopher Schultz
Sent: Tuesday, April 25, 2023 9:15 AM
To: users@tomcat.apache.org
Subject: Re: OT: hsts in Tomcat 9.0.73
Jon,
On 4/20/23 16:39, jonmcalexan...@wellsfargo.com.INVALID
.
> -Original Message-
> From: Christopher Schultz
> Sent: Tuesday, April 25, 2023 9:15 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Jon,
>
> On 4/20/23 16:39, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > Hellow agai
Jon,
On 4/25/23 10:15, Christopher Schultz wrote:
Jon,
On 4/20/23 16:39, jonmcalexan...@wellsfargo.com.INVALID wrote:
Hellow again.
I hae another app team that is getting hit with a QID 11827 stating
that the hsts Security header is missing. We have reviewed the web.xml
and the appropriate
Jon,
On 4/20/23 16:39, jonmcalexan...@wellsfargo.com.INVALID wrote:
Hellow again.
I hae another app team that is getting hit with a QID 11827 stating that the
hsts Security header is missing. We have reviewed the web.xml and the
appropriate section and filter are present. hstsEnabled is set
10:15 AM
> To: Tomcat Users List
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Jon,
>
>
>
> Peter Kreuser
> Liebknechtstr. 83
> 63303 Dreieich-Sprendlingen
> phone: +49 6103 9880863
> fax: +49 6103 9886215
> mobile: +49 172 6649346
> email: pe...@kre
mediately by reply e-mail and delete this message. Thank you for
> your cooperation.
>
>> -Original Message-
>> From: Olaf Kock
>> Sent: Saturday, April 22, 2023 2:14 AM
>> To: users@tomcat.apache.org
>> Subject: Re: OT: hsts in Tomcat 9.0.73
>>
>
advise
the sender immediately by reply e-mail and delete this message. Thank you for
your cooperation.
> -Original Message-
> From: Olaf Kock
> Sent: Saturday, April 22, 2023 2:14 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
>
> Am 2
Am 22.04.23 um 00:48 schrieb jonmcalexan...@wellsfargo.com.INVALID:
Thanks Peter,
I still do not see the hsts header. I'm wondering if this is causing it.
SSL certificate verify result: self signed certificate in certificate chain
(19), continuing anyway.
I don't know why it's complaining
l * Explore * Inspire
> > Jon McAlexander
> > Senior Infrastructure Engineer
> > Asst. Vice President
> > He/His
> >
> > Middleware Product Engineering
> > Enterprise CIO | EAS | Middleware | Infrastructure Solutions
> >
> > 8080 Cobblestone Rd | Urba
, you
> must not use, copy, disclose, or take any action based on this message or any
> information herein. If you have received this message in error, please advise
> the sender immediately by reply e-mail and delete this message. Thank you for
> your cooperation.
>
>
ou for
your cooperation.
> -Original Message-
> From: Christopher Schultz
> Sent: Friday, April 21, 2023 1:17 PM
> To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Jon,
>
> On 4/21/23 11:47, jonmcalexan...@wellsfargo.com.INVALID w
April 21, 2023 1:58 PM
> To: Tomcat Users List
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Jon,
>
> again, the Qualys Scanner usually does not know any other webcontexts
> than root, manager and examples. So if you don't have a root context, it may
> well end up in the w
this message in error, please advise
> the sender immediately by reply e-mail and delete this message. Thank you for
> your cooperation.
>
>
>> -Original Message-
>> From: Olaf Kock
>> Sent: Friday, April 21, 2023 1:48 AM
>> To: use
To: users@tomcat.apache.org
Subject: Re: OT: hsts in Tomcat 9.0.73
Am 21.04.23 um 07:03 schrieb jonmcalexan...@wellsfargo.com.INVALID:
No, there is no error and no stack trace. Everything works, just the hsts
header isn't in the list of headers.
The lowest hanging fruit: HSTS is only defined on https
> Sent: Friday, April 21, 2023 1:48 AM
> To: users@tomcat.apache.org
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
>
> Am 21.04.23 um 07:03 schrieb jonmcalexan...@wellsfargo.com.INVALID:
> > No, there is no error and no stack trace. Everything works, just the hsts
> he
Am 21.04.23 um 07:03 schrieb jonmcalexan...@wellsfargo.com.INVALID:
No, there is no error and no stack trace. Everything works, just the hsts
header isn't in the list of headers.
The lowest hanging fruit: HSTS is only defined on https - on http it
doesn't have any meaning and Tomcat would
Peter Kreuser
> Sent: Thursday, April 20, 2023 4:44 PM
> To: Tomcat Users List
> Subject: Re: OT: hsts in Tomcat 9.0.73
>
> Any more details on the request?
>
> Are you hitting an error 400? Like with ip address on a name based host?
>
> That is handled prior to the filte
Any more details on the request?
Are you hitting an error 400? Like with ip address on a name based host?
That is handled prior to the filter and so you don't see the header!
Peter
> Am 20.04.2023 um 22:40 schrieb jonmcalexan...@wellsfargo.com.invalid:
>
> Hellow again.
>
> I hae another
27 matches
Mail list logo