BZ 54095 (gziped static resources) - missing VARY heade
I'm not sure, but I thing, there should be http header Vary: Accept-Encoding, when .gz version of the file is server by tomcat. This header seems to be missing in Tomcat 8.0.9 Pavel Cibulka
[Bug 56810] New: ANT: test target fails
https://issues.apache.org/bugzilla/show_bug.cgi?id=56810 Bug ID: 56810 Summary: ANT: test target fails Product: Tomcat 8 Version: trunk Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Util Assignee: dev@tomcat.apache.org Reporter: asaf.da...@gmail.com Created attachment 31870 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31870&action=edit ANT log showing the problem when trying to run the tests using ANT (ant test), the test fails during compilation. See attached ANT log file. The problem is in the class TesterOpenSSL which uses the method Process.waitFor(int,TimeUnit). This method does not exist in Java 7 (it was introduced in Java 8). -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56810] ANT: test target fails
https://issues.apache.org/bugzilla/show_bug.cgi?id=56810 Asaf changed: What|Removed |Added CC||asaf.da...@gmail.com --- Comment #1 from Asaf --- Created attachment 31871 --> https://issues.apache.org/bugzilla/attachment.cgi?id=31871&action=edit patch a fix for the problem -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Tomcat Wiki] Update of "FAQ/Database" by OgnjenBlagojevic
Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "FAQ/Database" page has been changed by OgnjenBlagojevic: https://wiki.apache.org/tomcat/FAQ/Database?action=diff&rev1=7&rev2=8 Comment: Added information about JDBC 3 and Tomcat 8 == Questions == 1. [[#Q1|Is it safe to use JDBC-ODBC bridge in production environment?]] 1. [[#Q2|How to use Orache thin driver?]] + 1. [[#Q3|How to use JDBC 3 driver with Tomcat 8?]] == Answers == @@ -33, +34 @@ If you use the oracle thin driver, be sure to rename it to a jar file from a zip file. Tomcat only auto-magically loads files ending in .jar placed in a lib directory. It ignores all other file extensions. + <> + === How to use JDBC 3 driver with Tomcat 8 / DBCP 2? === + + One of the connection pool implementations in Tomcat 8 is DBCP 2, and DBCP 2 calls Connection.isValid(int) method when no validationQuery is specified. IsValid(int) method is introduced with JDBC 4. If you must use JDBC 3 driver with Tomcat 8 / DBCP 2, make sure that you specify validationQuery attribute in pool configuration. + + [[CategoryFAQ]] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615599 - in /tomcat/trunk: test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 4 14:59:31 2014
New Revision: 1615599
URL: http://svn.apache.org/r1615599
Log:
Remove use of Java 8 specific API call
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
tomcat/trunk/webapps/docs/changelog.xml
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java?rev=1615599&r1=1615598&r2=1615599&view=diff
==
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TesterOpenSSL.java
Mon Aug 4 14:59:31 2014
@@ -24,7 +24,6 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
-import java.util.concurrent.TimeUnit;
import org.apache.catalina.util.IOTools;
import org.apache.tomcat.util.http.fileupload.ByteArrayOutputStream;
@@ -180,7 +179,7 @@ public class TesterOpenSSL {
t2.start();
try {
-p.waitFor(2, TimeUnit.SECONDS);
+p.waitFor();
} catch (InterruptedException e) {
throw new IOException(e);
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1615599&r1=1615598&r2=1615599&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 4 14:59:31 2014
@@ -111,6 +111,10 @@
defined as HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5 so
that no weak ciphers are enabled by default. (remm)
+
+56810: Remove use of Java 8 specific API calls in unit tests
+for OpenSSL to JSSE cipher conversion. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56810] ANT: test target fails
https://issues.apache.org/bugzilla/show_bug.cgi?id=56810 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED OS||All --- Comment #2 from Mark Thomas --- Thanks for the report. The chances of this getting stuck are slim so I went for the simpler fix. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615602 - /tomcat/trunk/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
Author: markt
Date: Mon Aug 4 15:02:07 2014
New Revision: 1615602
URL: http://svn.apache.org/r1615602
Log:
Fix the Eclipse nags
Modified:
tomcat/trunk/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
Modified:
tomcat/trunk/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java?rev=1615602&r1=1615601&r2=1615602&view=diff
==
---
tomcat/trunk/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
(original)
+++
tomcat/trunk/modules/jdbc-pool/src/test/java/org/apache/tomcat/jdbc/bugs/Bug53367.java
Mon Aug 4 15:02:07 2014
@@ -48,7 +48,7 @@ public class Bug53367 {
}
@Parameterized.Parameters
-public static Collection parameters() {
+public static Collection parameters() {
return Arrays.asList(new Object[][]{
new Object[] {Boolean.TRUE},
new Object[] {Boolean.FALSE},
@@ -102,7 +102,7 @@ public class Bug53367 {
Assert.assertEquals(threadsCount, pool.getActive());
Assert.assertEquals(threadsCount, pool.getSize());
-List threads = new ArrayList();
+List threads = new ArrayList<>();
for (int i = 0; i < threadsCount; i++) {
Thread thread = new Thread(new Runnable() {
@Override
@@ -138,7 +138,7 @@ public class Bug53367 {
Assert.assertEquals(threadsCount, pool.getSize());
final AtomicInteger failedCount = new AtomicInteger();
-final ArrayBlockingQueue cons = new
ArrayBlockingQueue(threadsCount);
+final ArrayBlockingQueue cons = new
ArrayBlockingQueue<>(threadsCount);
threads.clear();
for (int i = 0; i < threadsCount; i++) {
Thread thread = new Thread(new Runnable() {
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615607 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Author: markt
Date: Mon Aug 4 15:07:58 2014
New Revision: 1615607
URL: http://svn.apache.org/r1615607
Log:
Start to test specifications
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615607&r1=1615606&r2=1615607&view=diff
==
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Mon Aug 4 15:07:58 2014
@@ -463,6 +463,23 @@ public class TestOpenSSLCipherConfigurat
}
+// TODO: Add tests for the individual operators
+
+@Test
+public void testSpecification01() throws Exception {
+// Tomcat 8 default as of 2014-08-04
+testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
+}
+
+
+@Test
+@Ignore("Currently fails - figure out why")
+public void testSpecification02() throws Exception {
+// Suggestion from dev list
+
testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:ECDHE:ECDH:DHE:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:MEDIUM");
+}
+
+
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
String openSSLCipherList =
TesterOpenSSL.getOpenSSLCiphersAsExpression(specification);
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615621 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Author: markt
Date: Mon Aug 4 15:44:24 2014
New Revision: 1615621
URL: http://svn.apache.org/r1615621
Log:
Figured out why test was failing
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615621&r1=1615620&r2=1615621&view=diff
==
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Mon Aug 4 15:44:24 2014
@@ -198,14 +198,14 @@ public class TestOpenSSLCipherConfigurat
@Test
-@Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+@Ignore("Contrary to the docs, OpenSSL does not recognise ECDHE")
public void testECDHE() throws Exception {
testSpecification("ECDHE");
}
@Test
-@Ignore("Contrary to the docs, OpenSSL does not recognise kECDHE")
+@Ignore("Contrary to the docs, OpenSSL does not recognise EECDHE")
public void testEECDHE() throws Exception {
testSpecification("EECDHE");
}
@@ -473,10 +473,9 @@ public class TestOpenSSLCipherConfigurat
@Test
-@Ignore("Currently fails - figure out why")
public void testSpecification02() throws Exception {
-// Suggestion from dev list
-
testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:ECDHE:ECDH:DHE:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:MEDIUM");
+// Suggestion from dev list (s/ECDHE/kEECDH/, s/DHE/EDH/
+
testSpecification("!aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:kEECDH:ECDH:EDH:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:MEDIUM");
//
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615687 - /tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Author: markt
Date: Mon Aug 4 17:03:53 2014
New Revision: 1615687
URL: http://svn.apache.org/r1615687
Log:
Add some notes
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java?rev=1615687&r1=1615686&r2=1615687&view=diff
==
---
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
(original)
+++
tomcat/trunk/test/org/apache/tomcat/util/net/jsse/openssl/TestOpenSSLCipherConfigurationParser.java
Mon Aug 4 17:03:53 2014
@@ -468,6 +468,8 @@ public class TestOpenSSLCipherConfigurat
@Test
public void testSpecification01() throws Exception {
// Tomcat 8 default as of 2014-08-04
+// This gets an A- from https://www.ssllabs.com/ssltest with no FS for
+// a number of the reference browsers
testSpecification("HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5");
}
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615693 - /tomcat/trunk/webapps/docs/config/http.xml
Author: markt Date: Mon Aug 4 17:08:49 2014 New Revision: 1615693 URL: http://svn.apache.org/r1615693 Log: Remove references to the deleted system property. Document the current default. Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=1615693&r1=1615692&r2=1615693&view=diff == --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Mon Aug 4 17:08:49 2014 @@ -1087,11 +1087,10 @@ The list can also use ':' as a separator, in that case it will use the OpenSSL syntax (see OpenSSL documentation for the list of ciphers supported and the syntax). - The default cipher suite can be set using the - tomcat.ssl.ciphers system property. - If not specified, the default ciphers - for the JVM will be used. Note that this usually means that the weak - export grade ciphers will be included in the list of available ciphers. + If not specified, a default (using the OpenSSL notation) of + HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5 will be used. + Note that Java does treat the order in which ciphers are defined as an + order of preference. @@ -1344,12 +1343,9 @@ - Ciphers which may be used for communicating with clients. - The default cipher suite can be set using the - tomcat.ssl.ciphers system property. The default - is "ALL", with other acceptable values being a list of ciphers, with ":" - used as the delimiter (see OpenSSL documentation for the list of ciphers - supported). + Ciphers which may be used for communicating with clients. The default + is HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5. See the OpenSSL + documentation for details of the syntax for this attribute. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: BZ 54095 (gziped static resources) - missing VARY heade
On 04/08/2014 12:24, Pavel Cibulka wrote: > I'm not sure, but I thing, there should be http header Vary: > Accept-Encoding, when .gz version of the file is server by tomcat. This > header seems to be missing in Tomcat 8.0.9 You are correct that a Vary header should be sent and also correct that it is missing in 8.0.9. This has been fixed in trunk and will be in the next 8.0.x release. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615697 - in /tomcat/trunk: java/org/apache/catalina/servlets/DefaultServlet.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 4 17:22:01 2014
New Revision: 1615697
URL: http://svn.apache.org/r1615697
Log:
When the gzip option is enabled for the DefaultServlet ensure that a suitable
Vary header is returned for resources that might be returned directly in
compressed form.
Modified:
tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1615697&r1=1615696&r2=1615697&view=diff
==
--- tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Mon Aug
4 17:22:01 2014
@@ -799,16 +799,15 @@ public class DefaultServlet extends Http
// Serve a gzipped version of the file if present
boolean usingGzippedVersion = false;
-if (gzip &&
-resource.isFile() &&
-!included &&
-!path.endsWith(".gz") &&
-checkIfGzip(request)) {
+if (gzip && resource.isFile() && !path.endsWith(".gz")) {
WebResource gzipResource = resources.getResource(path + ".gz");
if (gzipResource.exists() && gzipResource.isFile()) {
-response.addHeader("Content-Encoding", "gzip");
-resource = gzipResource;
-usingGzippedVersion = true;
+response.addHeader("Vary", "accept-encoding");
+if (!included && checkIfGzip(request)) {
+response.addHeader("Content-Encoding", "gzip");
+resource = gzipResource;
+usingGzippedVersion = true;
+}
}
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1615697&r1=1615696&r2=1615697&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 4 17:22:01 2014
@@ -80,6 +80,12 @@
and it need not be fatal when the Realm starts. Based on a patch by
Cédric Couralet. (markt)
+
+When the gzip option is enabled for the
+DefaultServlet ensure that a suitable Vary
+header is returned for resources that might be returned directly in
+compressed form.
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56802] WebSocket - socket set keep alive should be exposed
https://issues.apache.org/bugzilla/show_bug.cgi?id=56802 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Mark Thomas --- Bugzilla is not a discussion forum. Please take your question to the users mailing list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
request.getUserPrincipal() returns null in a ServletRequestListener#requestInitialized in tc-7.0.54
Hi! I've recently found out that getUserPrincipal() returns null in a Listener [1]. I remember that this used to return the correct Principal in older versions (might be some time already). Also from reading the spec I assumed it should work. Any infos on this? LieGrue, strub [1] http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java
svn commit: r1615710 - in /tomcat/trunk: java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 4 17:50:04 2014
New Revision: 1615710
URL: http://svn.apache.org/r1615710
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56796
Remove unnecessary sleep when stopping a web application.
Modified:
tomcat/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
tomcat/trunk/webapps/docs/changelog.xml
Modified:
tomcat/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java?rev=1615710&r1=1615709&r2=1615710&view=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
Mon Aug 4 17:50:04 2014
@@ -197,18 +197,9 @@ public class ThreadPoolExecutor extends
// setCorePoolSize(0) wakes idle threads
this.setCorePoolSize(0);
-// wait a little so that idle threads wake and poll the queue again,
-// this time always with a timeout (queue.poll() instead of
-// queue.take())
-// even if we did not wait enough, TaskQueue.take() takes care of
timing
-// out, so that we are sure that all threads of the pool are renewed in
-// a limited time, something like
+// TaskQueue.take() takes care of timing out, so that we are sure that
+// all threads of the pool are renewed in a limited time, something
like
// (threadKeepAlive + longest request time)
-try {
-Thread.sleep(200L);
-} catch (InterruptedException e) {
-// yes, ignore
-}
if (taskQueue != null) {
// ok, restore the state of the queue and pool
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1615710&r1=1615709&r2=1615710&view=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 4 17:50:04 2014
@@ -86,6 +86,10 @@
header is returned for resources that might be returned directly in
compressed form.
+
+56796: Remove unnecessary sleep when stopping a web
+application. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615712 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java webapps/docs/changelog.xml
Author: markt
Date: Mon Aug 4 17:50:53 2014
New Revision: 1615712
URL: http://svn.apache.org/r1615712
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56796
Remove unnecessary sleep when stopping a web application.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc7.0.x/trunk/
--
Merged /tomcat/trunk:r1615710
Modified:
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java?rev=1615712&r1=1615711&r2=1615712&view=diff
==
---
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
(original)
+++
tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java
Mon Aug 4 17:50:53 2014
@@ -199,18 +199,9 @@ public class ThreadPoolExecutor extends
// setCorePoolSize(0) wakes idle threads
this.setCorePoolSize(0);
-// wait a little so that idle threads wake and poll the queue again,
-// this time always with a timeout (queue.poll() instead of
-// queue.take())
-// even if we did not wait enough, TaskQueue.take() takes care of
timing
-// out, so that we are sure that all threads of the pool are renewed in
-// a limited time, something like
+// TaskQueue.take() takes care of timing out, so that we are sure that
+// all threads of the pool are renewed in a limited time, something
like
// (threadKeepAlive + longest request time)
-try {
-Thread.sleep(200L);
-} catch (InterruptedException e) {
-// yes, ignore
-}
if (taskQueue != null) {
// ok, restore the state of the queue and pool
Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1615712&r1=1615711&r2=1615712&view=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Aug 4 17:50:53 2014
@@ -78,6 +78,10 @@
or backup javax.naming.directory.DirContext. Based on a
patch by Sheldon Shao. (violetagg)
+
+56796: Remove unnecessary sleep when stopping a web
+application. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56796] Avoid sleep usage in org.apache.tomcat.util.threads.ThreadPoolExecutor#contextStopping
https://issues.apache.org/bugzilla/show_bug.cgi?id=56796 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from Mark Thomas --- I don't see any reason for the sleep. I have removed it. The fix has been applied to 8.0.x for 8.0.11 onwards and to 7.0.x for 7.0.56 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in ASF Buildbot on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/321 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/trunk] 1615710 Blamelist: markt BUILD FAILED: failed compile sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in ASF Buildbot on tomcat-7-trunk
The Buildbot has detected a new failure on builder tomcat-7-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-7-trunk/builds/199 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source Stamp: [branch tomcat/tc7.0.x/trunk] 1615712 Blamelist: markt BUILD FAILED: failed compile sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[RESULT][VOTE] Release Apache Tomcat 8.0.10
For the sake of completeness, record that this vote failed due to a regression. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615724 - in /tomcat/trunk: res/tomcat.nsi webapps/docs/changelog.xml
Author: markt Date: Mon Aug 4 18:42:46 2014 New Revision: 1615724 URL: http://svn.apache.org/r1615724 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56788 Display the full version in the list of installed applications when installed via the Windows installer package. Patch provided by Alexandre Garnier. Modified: tomcat/trunk/res/tomcat.nsi tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/res/tomcat.nsi URL: http://svn.apache.org/viewvc/tomcat/trunk/res/tomcat.nsi?rev=1615724&r1=1615723&r2=1615724&view=diff == --- tomcat/trunk/res/tomcat.nsi (original) +++ tomcat/trunk/res/tomcat.nsi Mon Aug 4 18:42:46 2014 @@ -345,6 +345,8 @@ Section -post WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ "DisplayName" "Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName (remove only)" WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ + "DisplayVersion" @VERSION@ + WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ "DisplayIcon" "$\"$INSTDIR\tomcat.ico$\"" WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ "UninstallString" "$\"$INSTDIR\Uninstall.exe$\" -ServiceName=$\"$TomcatServiceName$\"" Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1615724&r1=1615723&r2=1615724&view=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Aug 4 18:42:46 2014 @@ -156,6 +156,15 @@ + + + +56788: Display the full version in the list of installed +applications when installed via the Windows installer package. Patch +provided by Alexandre Garnier. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615725 - in /tomcat/tc7.0.x/trunk: ./ res/tomcat.nsi webapps/docs/changelog.xml
Author: markt Date: Mon Aug 4 18:43:42 2014 New Revision: 1615725 URL: http://svn.apache.org/r1615725 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56788 Display the full version in the list of installed applications when installed via the Windows installer package. Patch provided by Alexandre Garnier. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/res/tomcat.nsi tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- Merged /tomcat/trunk:r1615724 Modified: tomcat/tc7.0.x/trunk/res/tomcat.nsi URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/res/tomcat.nsi?rev=1615725&r1=1615724&r2=1615725&view=diff == --- tomcat/tc7.0.x/trunk/res/tomcat.nsi (original) +++ tomcat/tc7.0.x/trunk/res/tomcat.nsi Mon Aug 4 18:43:42 2014 @@ -345,6 +345,8 @@ Section -post WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ "DisplayName" "Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName (remove only)" WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ + "DisplayVersion" @VERSION@ + WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ "DisplayIcon" "$\"$INSTDIR\tomcat.ico$\"" WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\Apache Tomcat @VERSION_MAJOR_MINOR@ $TomcatServiceName" \ "UninstallString" "$\"$INSTDIR\Uninstall.exe$\" -ServiceName=$\"$TomcatServiceName$\"" Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1615725&r1=1615724&r2=1615725&view=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Aug 4 18:43:42 2014 @@ -105,6 +105,15 @@ + + + +56788: Display the full version in the list of installed +applications when installed via the Windows installer package. Patch +provided by Alexandre Garnier. (markt) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56788] Set Version information in uninstaller on Windows
https://issues.apache.org/bugzilla/show_bug.cgi?id=56788 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED OS||All --- Comment #3 from Mark Thomas --- Thanks for the patch. This has been applied to 8.0.x for 8.0.11 onwards and to 7.0.x for 7.0.56 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615726 - in /tomcat/trunk: build.properties.default res/maven/mvn.properties.default
Author: markt Date: Mon Aug 4 18:44:44 2014 New Revision: 1615726 URL: http://svn.apache.org/r1615726 Log: Bump version number for next release Modified: tomcat/trunk/build.properties.default tomcat/trunk/res/maven/mvn.properties.default Modified: tomcat/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/trunk/build.properties.default?rev=1615726&r1=1615725&r2=1615726&view=diff == --- tomcat/trunk/build.properties.default (original) +++ tomcat/trunk/build.properties.default Mon Aug 4 18:44:44 2014 @@ -25,7 +25,7 @@ # - Version Control Flags - version.major=8 version.minor=0 -version.build=10 +version.build=11 version.patch=0 version.suffix=-dev Modified: tomcat/trunk/res/maven/mvn.properties.default URL: http://svn.apache.org/viewvc/tomcat/trunk/res/maven/mvn.properties.default?rev=1615726&r1=1615725&r2=1615726&view=diff == --- tomcat/trunk/res/maven/mvn.properties.default (original) +++ tomcat/trunk/res/maven/mvn.properties.default Mon Aug 4 18:44:44 2014 @@ -35,7 +35,7 @@ maven.asf.release.repo.url=https://repos maven.asf.release.repo.repositoryId=apache.releases # Release version info -maven.asf.release.deploy.version=8.0.10 +maven.asf.release.deploy.version=8.0.11 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1615727 - /tomcat/trunk/res/maven/tomcat-embed-jasper.pom
Author: markt Date: Mon Aug 4 18:49:29 2014 New Revision: 1615727 URL: http://svn.apache.org/r1615727 Log: Switch to an official JAR that provides the necessary Eclipse compiler classes. Make it optional so folks embedding Tomcat can use javac if they prefer. Modified: tomcat/trunk/res/maven/tomcat-embed-jasper.pom Modified: tomcat/trunk/res/maven/tomcat-embed-jasper.pom URL: http://svn.apache.org/viewvc/tomcat/trunk/res/maven/tomcat-embed-jasper.pom?rev=1615727&r1=1615726&r2=1615727&view=diff == --- tomcat/trunk/res/maven/tomcat-embed-jasper.pom (original) +++ tomcat/trunk/res/maven/tomcat-embed-jasper.pom Mon Aug 4 18:49:29 2014 @@ -43,9 +43,10 @@ compile - org.eclipse.jdt.core.compiler - ecj - 4.4 + org.eclipse.tycho + org.eclipse.jdt.core + 3.10.0.v20140604-1726 + true - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: request.getUserPrincipal() returns null in a ServletRequestListener#requestInitialized in tc-7.0.54
It should return at least always a non null principal AFAIR, isn't it? 2014-08-04 19:33 GMT+02:00 Mark Struberg : > Hi! > > I've recently found out that getUserPrincipal() returns null in a Listener > [1]. > I remember that this used to return the correct Principal in older > versions (might be some time already). > Also from reading the spec I assumed it should work. > > Any infos on this? > > LieGrue, > strub > > > [1] > http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java > -- Jean-Louis
Re: request.getUserPrincipal() returns null in a ServletRequestListener#requestInitialized in tc-7.0.54
"Returns a java.security.Principal object containing the name of the current authenticated user. If the user has not been authenticated, the method returns null." Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau 2014-08-04 22:04 GMT+02:00 Jean-Louis MONTEIRO : > It should return at least always a non null principal AFAIR, isn't it? > > > 2014-08-04 19:33 GMT+02:00 Mark Struberg : > >> Hi! >> >> I've recently found out that getUserPrincipal() returns null in a Listener >> [1]. >> I remember that this used to return the correct Principal in older >> versions (might be some time already). >> Also from reading the spec I assumed it should work. >> >> Any infos on this? >> >> LieGrue, >> strub >> >> >> [1] >> http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java >> > > > > -- > Jean-Louis - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: request.getUserPrincipal() returns null in a ServletRequestListener#requestInitialized in tc-7.0.54
oups thanks Romain 2014-08-04 22:09 GMT+02:00 Romain Manni-Bucau : > "Returns a java.security.Principal object containing the name of the > current authenticated user. If the user has not been authenticated, > the method returns null." > > > Romain Manni-Bucau > Twitter: @rmannibucau > Blog: http://rmannibucau.wordpress.com/ > LinkedIn: http://fr.linkedin.com/in/rmannibucau > Github: https://github.com/rmannibucau > > > 2014-08-04 22:04 GMT+02:00 Jean-Louis MONTEIRO : > > It should return at least always a non null principal AFAIR, isn't it? > > > > > > 2014-08-04 19:33 GMT+02:00 Mark Struberg : > > > >> Hi! > >> > >> I've recently found out that getUserPrincipal() returns null in a > Listener > >> [1]. > >> I remember that this used to return the correct Principal in older > >> versions (might be some time already). > >> Also from reading the spec I assumed it should work. > >> > >> Any infos on this? > >> > >> LieGrue, > >> strub > >> > >> > >> [1] > >> > http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java > >> > > > > > > > > -- > > Jean-Louis > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > -- Jean-Louis
Re: request.getUserPrincipal() returns null in a ServletRequestListener#requestInitialized in tc-7.0.54
yea exactly. But the user IS authenticated! And later in the Filter getUserPrincipal() returns the correct Principal. But in the ServletRequestListener (invoked in the same request of course) it is null. Either it should always be null, or never! LieGrue, strub On Monday, 4 August 2014, 22:12, Jean-Louis MONTEIRO wrote: > > >oups thanks Romain > > >2014-08-04 22:09 GMT+02:00 Romain Manni-Bucau : > >> "Returns a java.security.Principal object containing the name of the >> current authenticated user. If the user has not been authenticated, >> the method returns null." >> >> >> Romain Manni-Bucau >> Twitter: @rmannibucau >> Blog: http://rmannibucau.wordpress.com/ >> LinkedIn: http://fr.linkedin.com/in/rmannibucau >> Github: https://github.com/rmannibucau >> >> >> 2014-08-04 22:04 GMT+02:00 Jean-Louis MONTEIRO : >> > It should return at least always a non null principal AFAIR, isn't it? >> > >> > >> > 2014-08-04 19:33 GMT+02:00 Mark Struberg : >> > >> >> Hi! >> >> >> >> I've recently found out that getUserPrincipal() returns null in a >> Listener >> >> [1]. >> >> I remember that this used to return the correct Principal in older >> >> versions (might be some time already). >> >> Also from reading the spec I assumed it should work. >> >> >> >> Any infos on this? >> >> >> >> LieGrue, >> >> strub >> >> >> >> >> >> [1] >> >> >> http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java >> >> >> > >> > >> > >> > -- >> > Jean-Louis >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org > >> >> > > >-- >Jean-Louis > > >
Re: request.getUserPrincipal() returns null in a ServletRequestListener#requestInitialized in tc-7.0.54
Hmm did you debug in org.apache.catalina.connector.Request#recycle? Romain Manni-Bucau Twitter: @rmannibucau Blog: http://rmannibucau.wordpress.com/ LinkedIn: http://fr.linkedin.com/in/rmannibucau Github: https://github.com/rmannibucau 2014-08-04 22:37 GMT+02:00 Mark Struberg : > yea exactly. But the user IS authenticated! > And later in the Filter getUserPrincipal() returns the correct Principal. > But in the ServletRequestListener (invoked in the same request of course) it > is null. > Either it should always be null, or never! > > LieGrue, > strub > > > On Monday, 4 August 2014, 22:12, Jean-Louis MONTEIRO > wrote: > > >> >> >>oups thanks Romain >> >> >>2014-08-04 22:09 GMT+02:00 Romain Manni-Bucau : >> >>> "Returns a java.security.Principal object containing the name of the >>> current authenticated user. If the user has not been authenticated, >>> the method returns null." >>> >>> >>> Romain Manni-Bucau >>> Twitter: @rmannibucau >>> Blog: http://rmannibucau.wordpress.com/ >>> LinkedIn: http://fr.linkedin.com/in/rmannibucau >>> Github: https://github.com/rmannibucau >>> >>> >>> 2014-08-04 22:04 GMT+02:00 Jean-Louis MONTEIRO : >>> > It should return at least always a non null principal AFAIR, isn't it? >>> > >>> > >>> > 2014-08-04 19:33 GMT+02:00 Mark Struberg : >>> > >>> >> Hi! >>> >> >>> >> I've recently found out that getUserPrincipal() returns null in a >>> Listener >>> >> [1]. >>> >> I remember that this used to return the correct Principal in older >>> >> versions (might be some time already). >>> >> Also from reading the spec I assumed it should work. >>> >> >>> >> Any infos on this? >>> >> >>> >> LieGrue, >>> >> strub >>> >> >>> >> >>> >> [1] >>> >> >>> http://svn.apache.org/repos/asf/openwebbeans/trunk/webbeans-tomcat7/src/main/java/org/apache/webbeans/web/tomcat/TomcatSecurityListener.java >>> >> >>> > >>> > >>> > >>> > -- >>> > Jean-Louis >>> >>> - >>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >>> >>> >> >> >>-- >>Jean-Louis >> >> >> - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56684] java7: java.net.SocketTimeoutException: Accept timed out
https://issues.apache.org/bugzilla/show_bug.cgi?id=56684 --- Comment #12 from fach hoch --- is this fix available in tomcat 7.0.50? I am getting this error in jdk1.7 64 bit tomcat 7.0.50 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56684] java7: java.net.SocketTimeoutException: Accept timed out
https://issues.apache.org/bugzilla/show_bug.cgi?id=56684 --- Comment #13 from Chuck Caldarale --- (In reply to fach hoch from comment #12) > is this fix available in tomcat 7.0.50? No, it's in 7.0.55, as stated in comment #10. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 56815] New: pregzipped static resources missing vary: accept-encoding
https://issues.apache.org/bugzilla/show_bug.cgi?id=56815 Bug ID: 56815 Summary: pregzipped static resources missing vary: accept-encoding Product: Tomcat 8 Version: 8.0.9 Hardware: PC OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: pavelcibu...@gmail.com This feature has been added to Tomcat 8 in 54095. When tomcat send .gz version of resouces, http header is missing vary: accept-encoding. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1608840 [1/2] - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/ java/org/apache/tomcat/util/net/jsse/openssl/ java/org/apache/tomcat/util/net/jsse/res/ webapps/docs/
On that note I thought I'd share the cipher suites we have been using: kEECDH+ECDSA:kEECDH:kEDH:+SHA:-3DES:kRSA+3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!DSS:!PSK:!SRP:!RC4:!SEED:!kECDH:!CAMELLIA - avoids using RC4 - prefers forward secrecy for all browsers except those, which do not support it - no server-side mitigation of beast attack - if java6 clients have to access the site, 1024bit dhparams have to be set kEECDH+ECDSA:kEECDH:RC4:+AES+SHA:+RSA+RC4:!aNULL:!eNULL:!LOW:!MD5:!EXP:!DSS:!SRP:!PSK:!3DES:!SEED:!kECDH:!CAMELLIA - server-side mitigation of beast attack, uses RC4 for older browsers though - prefers forward secrecy for modern browsers On Sat, Aug 2, 2014 at 12:19 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > Mark, > > On 8/1/14, 3:48 PM, Mark Thomas wrote: > > On 01/08/2014 13:57, Rémy Maucherat wrote: > >> Well, it can be disabled easily by reverting back to the old default in > >> the endpoint. Sorry for all the defects, the code that was submitted was > >> supposed to be fine ;) > > > > Thanks. I appreciate that. > > > >> If you think the feature is too complex and doesn't provide enough > benefit, > >> it can also be removed altogether. > > > > I'm still on the fence. I've removed the system property part as that > > was changing the meaning of some aliases and that might cause a few > > surprises. > > > > On balance I like the idea of the feature and having spent this week > > getting it into shape I'm reluctant to just delete it. > > > > In terms of ensuring correct behaviour, we now have unit tests that > > demonstrate that all the individual aliases are correct. Next I want to > > test some more complex expressions to check the operators all behave as > > expected. > > Here's one you can try on for size: > > !aNULL:!eNULL:!EXPORT:!DSS:!DES:!SSLv2:ECDHE:ECDH:DHE:AES256-GCM-SHA384:AES128-GCM-SHA256:+RC4:HIGH:MEDIUM > > I'm sure you can find more by googling for "httpd recommended > CipherSuite" and see what kinds of crazy things people have been > recommending to adjust things to get the "perfect" set of ciphers in > whatever order ;) > > -chris > >
