-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jason,
On 1/23/15 3:27 AM, Jason Y wrote: > Thank you Chris for your reply. > > I think I was mislead by this error. My services--both REST and > SOAP--are hosted by tomcat and used by downstream users with HTTPS. > They are running well for long time until some day one of > downstream developers reported that the WSDL URL cannot be > accessible by his browsers and his code either. Now accessible .. how? 404 response? Unexpected content in response? Infinite timeout? Connection refused? > At first I thought it was due to openSSL HeartBleed issue > <https://wiki.apache.org/tomcat/Security/Heartbleed> or POODLE > issue <http://wiki.apache.org/tomcat/Security/POODLE>. You have misunderstood the nature of those vulnerabilities. > So I made respective changes to server.xml and then restarted my > service. I added highlighted part as below: > > *<Connector port="8443" > protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" > SSLEnabled="true" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" > sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" keystoreFile="xxx" > keystorePass="xxx" />* It ran well after the restart, but last not > for long. Soon, the developer reported that he could not access the > service again. It was NOT fixed and I am so confused. Was it ever working, or had this "developer" even checked the service after the restart? > Yesterday, I was thinking why and how the user couldn't access the > service? Why not test it by myself? So I rolled back all my changes > and wrote code to call the service via REST and WSDL and both were > running OK! Sounds like WORKSFORME. > (Still I cannot open WSDL URL in my browsers, I think it is SSL > issue.) What happens when you try to open that WSDL URL in your browser? > Also, there is never a production user reporting this issue. So I > think it might be something wrong with the developer's code (it is > .NET code on which I have 0 knowledge), I will keep on watching > this. .NET can certainly call-up a web server and request a resource. You need more details from this person. Direct them here if you'd rather not be a go-between. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJUwr2KAAoJEBzwKT+lPKRY5G8QALcMs9brkM19I+EJSUAECXgB yk8PQ/Gtrn3tfN1lFh+m6AHLCYsb79tzTdjLJiVbtoIki9t2RDqFx3AIFJidVqZ7 uW4RnzJE4vgmKsLx6m5kkcjrW+4gwns2QO8eucfsyIyy6EtzvkXeJIXQBBBhf2F7 UKFkY4fjMlVN5yX6zTnOC9JT3JudAByWhbG0ERi7w1uTq2Jf43tBTMt6otL25Bqa 6i9glQPQdkVyelyCiyn4dBx4+C8DEWHr33XYgVP4n/XFN6uH31hdP0aV0BPnqZXg 3VEL59VScJHMwajQSwyQ9XpfE9/Wx2/BJLhyD7kiE90RSAR27kNIjVEGO+4nSmGv JywXaHosSfAbQltf37LcHBjsXgXk4Jeth27xGax/k5wiN6P+26SsKe943v9xO8GJ O+A6CvqhoKolRguszUcN7l+ueXQj1TYCrjTjuDrp9eDcaIN3+6RNXLG0lJAcnQ8i l3+8f6v8owRMv5R/5YGV6L912UoEi1q8v5RYY9Atp/Nk6cW7dFzQ1NXayiZrC7c0 OSQIJya8Cj6144TNFSQ0UcCFZcD/fi603PavrQxUxZIp0ZTgW1hay7qfsLBne5Ic t79WOUDOJjZDVTx6DHxpJwbaBX4qo1c0N+sNQP5G7uGRpOnGA/e3UJmuIld/0hw9 WSGaS1OUg68e2gnxz/2t =wzkK -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
