Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-05-03 Thread Christopher Schultz
Shawn, On 4/29/22 18:18, Shawn Heisey wrote: Based on what I have been able to figure out, I think it's probably your cipher list.  If you are using the standard Java TLS and not the tomcat native library that uses openssl, then your cipher list is unlikely to work -- those look like openssl c

AW: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-29 Thread Thomas Hoffmann (Speed4Trade GmbH)
> -Ursprüngliche Nachricht- > Von: Shawn Heisey > Gesendet: Samstag, 30. April 2022 00:18 > An: users@tomcat.apache.org > Betreff: Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x > > On 4/29/22 12:14, Kaushal Shriyan wrote: > > Thanks Peter

Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-29 Thread Shawn Heisey
On 4/29/22 12:14, Kaushal Shriyan wrote: Thanks Peter for the link and it worked like a charm. I am running the tomcat version 9.0.56 on CentOS Linux release 7.9.2009 (Core). I have enabled the TLSv1.3 protocol as per the below block but when I ran the scan https://www.ssllabs.com/ssltest/analy

Re: AW: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-29 Thread Christopher Schultz
Thomas, On 4/29/22 02:44, Thomas Hoffmann (Speed4Trade GmbH) wrote: -Ursprüngliche Nachricht- Von: Christopher Schultz Gesendet: Freitag, 29. April 2022 01:10 An: users@tomcat.apache.org Betreff: Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x Kaushal, On 4/28/22 15

Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-29 Thread Kaushal Shriyan
> > > > -Ursprüngliche Nachricht- > > Von: Christopher Schultz > > Gesendet: Freitag, 29. April 2022 01:10 > > An: users@tomcat.apache.org > > Betreff: Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x > > > > Kaushal, > &g

AW: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-28 Thread Thomas Hoffmann (Speed4Trade GmbH)
> -Ursprüngliche Nachricht- > Von: Christopher Schultz > Gesendet: Freitag, 29. April 2022 01:10 > An: users@tomcat.apache.org > Betreff: Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x > > Kaushal, > > On 4/28/22 15:37, Kaushal Shriyan wrot

Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-28 Thread Christopher Schultz
Kaushal, On 4/28/22 15:37, Kaushal Shriyan wrote: On Fri, Apr 29, 2022 at 12:44 AM Peter Chiu wrote: This is what I am using. Hope this helps. https://orclcs.blogspot.com/2017/04/enable-hsts-in-tomcat.html Thanks Peter. Do I need to run tomcat on port 443 or 8443 to enable HTTP Strict Tran

Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-28 Thread Kaushal Shriyan
On Fri, Apr 29, 2022 at 12:44 AM Peter Chiu wrote: > This is what I am using. Hope this helps. > > https://orclcs.blogspot.com/2017/04/enable-hsts-in-tomcat.html Thanks Peter. Do I need to run tomcat on port 443 or 8443 to enable HTTP Strict Transport Security (HSTS). I will be unable to run to

Re: Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-28 Thread Peter Chiu
This is what I am using. Hope this helps. https://orclcs.blogspot.com/2017/04/enable-hsts-in-tomcat.html On Thu, Apr 28, 2022 at 3:11 PM Kaushal Shriyan wrote: > Hi, > > I am running the tomcat version 9.0.56 on CentOS Linux release 7.9.2009 > (Core) and trying to configure HTTP Strict Transpor

Enable HTTP Strict Transport Security (HSTS) in Tomcat 9.0.x

2022-04-28 Thread Kaushal Shriyan
Hi, I am running the tomcat version 9.0.56 on CentOS Linux release 7.9.2009 (Core) and trying to configure HTTP Strict Transport Security (HSTS) using /opt/tomcat9/conf/web.xml # ./version.sh Using CATALINA_BASE: /opt/tomcat9 Using CATALINA_HOME: /opt/tomcat9 Using CATALINA_TMPDIR: /opt/tomca