Re: Tomcat log warnings for connection parameter limits?

2024-04-22 Thread Baron Fujimoto
> > On 16/04/2024 01:06, Baron Fujimoto wrote: > > From our perspective, it needn't be super timely. It would be more for > > forensic confirmation that there's something we should consider. I think > a > > hysteresis behavior would be compatible with th

Re: Tomcat log warnings for connection parameter limits?

2024-04-15 Thread Baron Fujimoto
From our perspective, it needn't be super timely. It would be more for forensic confirmation that there's something we should consider. I think a hysteresis behavior would be compatible with this. On Mon, Apr 15, 2024 at 12:00 AM Mark Thomas wrote: > On 11/04/2024 21:28, Baro

Re: Tomcat log warnings for connection parameter limits?

2024-04-11 Thread Baron Fujimoto
er Schultz < ch...@christopherschultz.net> wrote: > Baron, > > On 4/9/24 16:33, Baron Fujimoto wrote: > > I'm investigating occasional 503 errors for our CAS service running in a > > Tomcat 10.1.x container. The 503s appear to correlate with some traffic > > spikes at

Tomcat log warnings for connection parameter limits?

2024-04-09 Thread Baron Fujimoto
s are reached? I'm basically trying to see if there is a good way to more definitively determine what may have caused the 503s and what may be feasible to mitigate them. -- Baron Fujimoto ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

Re: localhost log config?

2023-09-26 Thread Baron Fujimoto
Doh! Well, that was a dumb mistake. Mahalo for pointing out the obvious. On Sat, Sep 23, 2023 at 9:06 PM Konstantin Kolinko wrote: > Fri, 22 Sep 2023 at 21:59, Baron Fujimoto : > > > >[...] > > > > I have the following defined in

localhost log config?

2023-09-22 Thread Baron Fujimoto
alina log files, but not localhost. Presumably I have a misconception about how this is supposed to work or some other basic error? -- Baron Fujimoto ::: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

Re: tomcat 8.5 TLS cipher strings

2020-11-18 Thread Baron Fujimoto
On Wed, Nov 18, 2020 at 04:45:05PM +, Mark Thomas wrote: On 18/11/2020 03:07, Baron Fujimoto wrote: On Mon, Nov 16, 2020 at 09:47:03AM +, Mark Thomas wrote: Have you tried adding ":-AES:+AESGCM" to the cipher string you are already using? I hadn't (did I miss w

Re: tomcat 8.5 TLS cipher strings

2020-11-17 Thread Baron Fujimoto
On Mon, Nov 16, 2020 at 09:47:03AM +, Mark Thomas wrote: On 14/11/2020 00:41, Baron Fujimoto wrote: We're running Tomcat 8.5, currently configured with the following OpenSSL cipher strings in our SSLHostConfig: ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK

tomcat 8.5 TLS cipher strings

2020-11-13 Thread Baron Fujimoto
We're running Tomcat 8.5, currently configured with the following OpenSSL cipher strings in our SSLHostConfig: ciphers="HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!PSK" However, SSLLabs' server test reports that the following available ciphers are weak: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

web.xml mime-mappings

2018-10-31 Thread Baron Fujimoto
the vast majority of these mime-types? I.e., is it recommended to edit it down to just those that the application is likely to use? It seems like it would be less unwieldy if I did this, but I just want to make sure there's no compelling downside to it. -- Baron Fujimoto :: UH Information

Re: configuring ciphers for SSL Labs server test

2018-05-11 Thread Baron Fujimoto
wrote: >On 11/05/18 03:35, Baron Fujimoto wrote: >> Yes, the host is behind an F5 load balancer, but AFAIK it should be passing >> all the TLS/SSL directly to the real host to handle. > >You don't say which Tomcat version is being used. I assume one of the >8.5.x versi

Re: configuring ciphers for SSL Labs server test

2018-05-10 Thread Baron Fujimoto
H_AES_256_CBC_SHA384, >TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, >TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, >TLS_DHE_RSA_WITH_AES_128_CBC_SHA, >TLS_DHE_RSA_WITH_AES_256_CBC_SHA, >TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, >TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" > > > > >On 5/10/18 2:45 PM, Baron Fujimoto

configuring ciphers for SSL Labs server test

2018-05-10 Thread Baron Fujimoto
st-Practices#23-use-secure-cipher-suites> [3] <https://www.openssl.org/docs/manmaster/man1/ciphers.html#CIPHER-SUITE-NAMES> [4] <https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#SSL_Support_-_SSLHostConfig> -- Baron Fujimoto :: UH Information Technology Services minutas cant

Re: converting 8.0.x ssl Connector to 8.5.x sslHostConfig

2018-05-03 Thread Baron Fujimoto
On Thu, Apr 26, 2018 at 10:15:03AM +0100, Mark Thomas wrote: >On 26/04/18 02:37, Baron Fujimoto wrote: >> We're working on upgrading from 8.0.x to 8.5.x in preparation for 8.0's >> impending EOL. >> Our initial 8.5 deployment which essentially uses our legacy ser

converting 8.0.x ssl Connector to 8.5.x sslHostConfig

2018-04-25 Thread Baron Fujimoto
uld now be handled by the nested SSLHostConfig and Certificate elements; is this the case? I've been running into snags trying to convert our legacy config. Is there a migration guide I may have missed? -- Baron Fujimoto :: UH Information Technology Services minutas cantorum, minutas b

Re: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload

2017-10-03 Thread Baron Fujimoto
seem to reference it yet, but it appears to be available in the distribution archive(s). E.g.: <http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.47/bin/> Is this 8.0.47 blessed for use? Aloha, -baron -- Baron Fujimoto :: UH Information Technolo

Re: CSRF errors after upgrade of tomcat 8

2015-12-15 Thread Baron Fujimoto
On Tue, Dec 15, 2015 at 09:37:45AM +0200, Violeta Georgieva wrote: >Hello, > >2015-12-15 4:35 GMT+02:00 Baron Fujimoto : >> >> On Mon, Dec 14, 2015 at 09:12:20PM +, Mark Thomas wrote: >> >On 14/12/2015 20:49, Baron Fujimoto wrote: >> >> On Fri, Dec 11

Re: CSRF errors after upgrade of tomcat 8

2015-12-14 Thread Baron Fujimoto
On Mon, Dec 14, 2015 at 09:12:20PM +, Mark Thomas wrote: >On 14/12/2015 20:49, Baron Fujimoto wrote: >> On Fri, Dec 11, 2015 at 05:02:43PM -1000, Baron Fujimoto wrote: >>> On Sat, Dec 12, 2015 at 12:16:01AM +, Mark Thomas wrote: > > > >>> I've conf

Re: CSRF errors after upgrade of tomcat 8

2015-12-14 Thread Baron Fujimoto
On Fri, Dec 11, 2015 at 05:02:43PM -1000, Baron Fujimoto wrote: >On Sat, Dec 12, 2015 at 12:16:01AM +, Mark Thomas wrote: >>On 12/12/2015 00:01, Baron Fujimoto wrote: >>> >>> On Fri, Dec 11, 2015 at 09:25:12PM +, Mark Thomas wrote: >>>> On

Re: CSRF errors after upgrade of tomcat 8

2015-12-11 Thread Baron Fujimoto
On Sat, Dec 12, 2015 at 12:16:01AM +, Mark Thomas wrote: >On 12/12/2015 00:01, Baron Fujimoto wrote: >> >> On Fri, Dec 11, 2015 at 09:25:12PM +, Mark Thomas wrote: >>> On 11/12/2015 21:10, Baron Fujimoto wrote: >>>> After upgrading Tomcat from 8.0.2

Re: CSRF errors after upgrade of tomcat 8

2015-12-11 Thread Baron Fujimoto
On Fri, Dec 11, 2015 at 09:25:12PM +, Mark Thomas wrote: >On 11/12/2015 21:10, Baron Fujimoto wrote: >> After upgrading Tomcat from 8.0.24 to 8.0.30, one of our applications >> (Internet2's Grouper) "broke" with CSRF errors. Research turned up the >>

CSRF errors after upgrade of tomcat 8

2015-12-11 Thread Baron Fujimoto
is carefully configured it with which URLs need protection, etc., it seems redundant for the container to do it. And actually, since it has now apparently broken the app, I would like to turn it off Tomcat's version. -- Baron Fujimoto :: UH Information Technology Services minutas cantoru

Re: Tomcat 6->8 upgrade breaks logout script?

2015-03-25 Thread Baron Fujimoto
On Fri, Mar 20, 2015 at 05:46:42PM -0400, Christopher Schultz wrote: > >On 3/20/15 4:27 PM, Baron Fujimoto wrote: >> I hope someone may be able to provide some insight or a solution to >> a problem we encountered after I upgraded from Tomcat 6 to 8. We're >> using To

Tomcat 6->8 upgrade breaks logout script?

2015-03-20 Thread Baron Fujimoto
at 8. Since then, the cookies no longer seem to get wiped. Users are still logged in if they revisit any of the Google Apps. Any suggestions or pointers on how to get this working again would be most appreciated. Aloha, -baron -- Baron Fujimoto :: UH Information Technology Services minutas can

Re: Restricting ciphers

2013-01-09 Thread Baron Fujimoto
On Wed, Jan 09, 2013 at 01:08:01PM +0400, Konstantin Kolinko wrote: >2013/1/9 Baron Fujimoto : >> I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35. >> My understanding is that the attack applies only to CBC ciphers, and that >> RC4 ciphers a

Restricting ciphers

2013-01-08 Thread Baron Fujimoto
s there perhaps something in my testing methodology that accounts for these unexpected results? Any advice would be appreciated. Aloha, -baron -- Baron Fujimoto :: UH Information Technology Services minutas cantorum, minutas balorum, minutas car