Re: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread Christopher Schultz
Jon, On 4/25/23 13:26, jonmcalexan...@wellsfargo.com.INVALID wrote: Here is the code for the HSTS part of the Filter:

    // HSTS
    if (hstsEnabled && request.isSecure()) {
        httpResponse.setHeader(HSTS_HEADER_NAME, hstsHeaderValue);
    }

I was wondering if maybe secure="true" wasn'

Re: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread Christopher Schultz
Olaf, On 4/22/23 03:13, Olaf Kock wrote: Am 22.04.23 um 00:48 schrieb jonmcalexan...@wellsfargo.com.INVALID: Thanks Peter, I still do not see the hsts header. I'm wondering if this is causing it. SSL certificate verify result: self signed certificate in certificate chain (19), continuing an

Re: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread Christopher Schultz
Jon, On 4/25/23 11:33, jonmcalexan...@wellsfargo.com.INVALID wrote: There is a ROOT application which is part of the overall app and not the default Tomcat one. How should this be added to those web.xml files? If you deploy your own webapp as ROOT then you should place that HSTS configuration

RE: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread jonmcalexander
Christopher, Here is the SSL connector: Thanks! Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 M

RE: [External] Re: Tomcat Native 1.2.30 -- Windows 2016 TLSv1.3 support?

2023-04-25 Thread Ragosta, Vincent
Ok -- makes sense. Thank you, Vincent -Original Message- From: Christopher Schultz Sent: Tuesday, April 25, 2023 10:28 AM To: users@tomcat.apache.org Subject: [External] Re: Tomcat Native 1.2.30 -- Windows 2016 TLSv1.3 support? WARNING: This message has originated from an External Sou

RE: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread jonmcalexander
Christopher, There is a ROOT application which is part of the overall app and not the default Tomcat one. How should this be added to those web.xml files? I'm working on getting the connector. Thanks, Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice

Re: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread Christopher Schultz
Jon, On 4/25/23 10:31, jonmcalexan...@wellsfargo.com.INVALID wrote: It's the Server level web.xml in conf So it applies to all web applications. I would recommend that you change that configuration to: 1. Be present in your own web application's WEB-INF/web.xml file and 2. Deploy a ROOT appl

RE: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread jonmcalexander
Hi Christopher, It's the Server level web.xml in conf, and no, the file is all lowercase. Welcome to the wonderful world of Qualsys. :-) Thank you, Dream * Excel * Explore * Inspire Jon McAlexander Senior Infrastructure Engineer Asst. Vice President He/His Middleware Product Engineering Enterp

Re: Tomcat Native 1.2.30 -- Windows 2016 TLSv1.3 support?

2023-04-25 Thread Christopher Schultz
Vincent, On 4/25/23 05:14, Mark Thomas wrote: On 24/04/2023 20:15, Ragosta, Vincent wrote: Hello all, We have an application packaged with Tomcat Native 1.2.30, which, per the following, the Windows binaries were built using OpenSSL 1.1.1k: https://www.mail-archive.com/dev@tomcat.apache.org

Re: java.lang.InternalError: Unexpected CryptoAPI failure generating seed

2023-04-25 Thread Christopher Schultz
Thomas, On 4/21/23 15:04, Thomas Worster wrote: That document is mostly about a corrupted install in Weblogic, but after that, it suggests making sure you are using the urandom (non-blocking) random number generator. This is Tomcat's Standard(Session)Manager generating a session identifier. I

Re: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread Christopher Schultz
Jon, On 4/25/23 10:15, Christopher Schultz wrote: Jon, On 4/20/23 16:39, jonmcalexan...@wellsfargo.com.INVALID wrote: Hello again. I have another app team that is getting hit with a QID 11827 stating that the hsts Security header is missing. We have reviewed the web.xml and the appropriate

Re: OT: hsts in Tomcat 9.0.73

2023-04-25 Thread Christopher Schultz
Jon, On 4/20/23 16:39, jonmcalexan...@wellsfargo.com.INVALID wrote: Hello again. I have another app team that is getting hit with a QID 11827 stating that the hsts Security header is missing. We have reviewed the web.xml and the appropriate section and filter are present. hstsEnabled is set t

Re: [OT] MySQL Connection settings

2023-04-25 Thread Christopher Schultz
Kevin, On 4/21/23 14:19, Kevin Huntly wrote: in general. something all purpose to get started with On Fri, Apr 21, 2023, 14:17 Christopher Schultz < ch...@christopherschultz.net> wrote: Kevin, On 4/21/23 09:35, Kevin Huntly wrote: I'm not a DBA nor do I pretend to be, so I'm asking what eve

Re: Tomcat VAPT Closure

2023-04-25 Thread Mark Thomas
On 25/04/2023 12:18, PRATIK HUMNABADKAR wrote: Hi, We tried below suggestion but still receiving below errors. Please guide. Try reading the log messages. server.xml 25-Apr-2023 16:08:46.067 INFO [main] org.apache.catalina.core.AprLi

RE: Tomcat VAPT Closure

2023-04-25 Thread PRATIK HUMNABADKAR
Hi, We tried below suggestion but still receiving below errors. Please guide. Server.xml

Re: Tomcat Native 1.2.30 -- Windows 2016 TLSv1.3 support?

2023-04-25 Thread Mark Thomas
On 24/04/2023 20:15, Ragosta, Vincent wrote: Hello all, We have an application packaged with Tomcat Native 1.2.30, which, per the following, the Windows binaries were built using OpenSSL 1.1.1k: https://www.mail-archive.com/dev@tomcat.apache.org/msg152993.html However, per Microsoft, Windows

RE: Tomcat VAPT Closure

2023-04-25 Thread PRATIK HUMNABADKAR
Hi Mark, We tried below 2 suggestions but still receiving errors. Can we get into quick teams call where I can share screen to resolve this. Regards, Pratik -Original Message- From: Mark Eggers Sent: 25 April 2023 11:08 To: users@tomcat.apache.org Subject: Re: Tomcat VAPT Closure Prat