From users-return-268846-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Fri Nov 29 08:54:49 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 10F59180657 for ; Fri, 29 Nov 2019 09:54:48 +0100 (CET) Received: (qmail 52997 invoked by uid 500); 29 Nov 2019 08:54:45 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 52986 invoked by uid 99); 29 Nov 2019 08:54:44 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Nov 2019 08:54:44 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 5696AC017A for ; Fri, 29 Nov 2019 08:54:44 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.9 X-Spam-Level: X-Spam-Status: No, score=-0.9 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com Received: from mx1-he-de.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id rkr0R5P8D7ax for ; Fri, 29 Nov 2019 08:54:40 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=148.163.133.20; helo=mx0a-00154904.pphosted.com; envelope-from=rekha.ms@dell.com; receiver= Received: from mx0a-00154904.pphosted.com (mx0a-00154904.pphosted.com [148.163.133.20]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 3CE107DDCD for ; Fri, 29 Nov 2019 08:54:38 +0000 (UTC) Received: from pps.filterd (m0170393.ppops.net [127.0.0.1]) by mx0a-00154904.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xAT8oO8r011534 for ; Fri, 29 Nov 2019 03:54:37 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=smtpout1; bh=QEY1Cb0UG/42ngEyDFYTVTFO8SuHaJsyNM//8qBcF+U=; b=HczNkzQiSNe05NqsMcXOsO3n46ynI/5ti9Vuj45gLbPJeDoEUJBH48q/eHgzMSCmwdrI kwKzhUBwEKgLe/AYhRxOalmuGuDjT7FqhqFoRyEH+9Op282GQplKz/ljAtnyqcTOKG4M Pzb/dXmM7Ysrxj7f8mVq/E2nzTl7Nf+pZdOyN9dhpOJZy7G8JBQ/NAAtu8zhZeBG+9sb EhAjQOKU2FBs5xfALUjB18y/1GHekKKS51TOZUJm2WAs1GTmsTHQXQntR2369zFkt8iu itoIInx/JFB7FMcvxEfPWl/fv/3NxVEUSnvFM74C4E4H5GZk0cHwpovXsPaOb55bX6fZ sg== Received: from mx0a-00154901.pphosted.com (mx0b-00154901.pphosted.com [67.231.157.37]) by mx0a-00154904.pphosted.com with ESMTP id 2whcyxu3gy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Fri, 29 Nov 2019 03:54:37 -0500 Received: from pps.filterd (m0089484.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xAT8rTlI032584 for ; Fri, 29 Nov 2019 03:54:36 -0500 Received: from ausxippc101.us.dell.com (ausxippc101.us.dell.com [143.166.85.207]) by mx0b-00154901.pphosted.com with ESMTP id 2wjgm82jmr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Fri, 29 Nov 2019 03:54:36 -0500 X-LoopCount0: from 10.166.136.214 X-PREM-Routing: D-Outbound X-IronPort-AV: E=Sophos;i="5.60,346,1549951200"; d="scan'208";a="1331003042" From: To: Subject: RE: FW: tomcat creating new ssl session id for same session Thread-Topic: FW: tomcat creating new ssl session id for same session Thread-Index: AdWlCHy+I+xevj2pTkeFYn1xot54dwAAv4dAAAQ0lYAAJcp8sAA3wmvw Date: Fri, 29 Nov 2019 08:54:32 +0000 Message-ID: <066f785bf60b43b68650a977f303acc1@BLRX13MDC401.AMER.DELL.COM> References: <9dc89fafe5db4db3a54dc95f2ad3d66e@BLRX13MDC401.AMER.DELL.COM> <05c6a72c9c8d4419afae4cc8288852e9@BLRX13MDC401.AMER.DELL.COM> <29242956-b20d-69d4-c9a1-6efe730daa01@christopherschultz.net> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: aiplabel=Restricted No Visual Marking; MSIP_Label_77c89b32-9ea6-4751-a5b4-31f15d8c6655_Enabled=True; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_Extended_MSFT_Method=Manual; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_Parent=77c89b32-9ea6-4751-a5b4-31f15d8c6655; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_Application=Microsoft Azure Information Protection; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_Name=No Visual Marking; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_SetDate=2019-11-29T08:54:24.8537021Z; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_Owner=Rekha_MS@Dell.com; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd; MSIP_Label_fe0b32e4-f4e9-4901-ab2a-ce664f3b1ffd_Enabled=True; MSIP_Label_77c89b32-9ea6-4751-a5b4-31f15d8c6655_Extended_MSFT_Method=Manual; MSIP_Label_77c89b32-9ea6-4751-a5b4-31f15d8c6655_Application=Microsoft Azure Information Protection; MSIP_Label_77c89b32-9ea6-4751-a5b4-31f15d8c6655_Name=Restricted; MSIP_Label_77c89b32-9ea6-4751-a5b4-31f15d8c6655_SetDate=2019-11-29T08:54:24.8537021Z; MSIP_Label_77c89b32-9ea6-4751-a5b4-31f15d8c6655_Owner=Rekha_MS@Dell.com; MSIP_Label_77c89b32-9ea6-4751-a5b4-31f15d8c6655_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [143.166.11.234] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-11-29_02:2019-11-29,2019-11-29 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 phishscore=0 mlxlogscore=951 suspectscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 spamscore=0 priorityscore=1501 malwarescore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1911290077 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 adultscore=0 bulkscore=0 lowpriorityscore=0 clxscore=1015 mlxlogscore=999 suspectscore=0 spamscore=0 impostorscore=0 mlxscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1911290077 Thanks for your prompt reply. Please find my response inline. -----Original Message----- From: Christopher Schultz Sent: Wednesday, November 27, 2019 11:15 PM To: users@tomcat.apache.org Subject: Re: FW: tomcat creating new ssl session id for same session -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rekha, On 11/27/19 05:15, Rekha.MS@Dell.com wrote: > I am using javax.servlet.request.ssl_session_id for session=20 > validation. But tomcat creating new ssl session id and user session=20 > validation is failing. How are you performing the validation? Rekha MS: Ssl_session_id is used for validation. What is the order-of-events that you are observing? Rekha MS : Ssl_session_id is same for some requests and then it changes aft= er some time. What version of Tomcat, and what kind of are you using? Rekha MS: Tomcat 8.5.15 , Nio connector(Http11NioProtocol to be specific) > Please let me know when tomcat creates new ssl session id and how by=20 > mandate it to use same ssl session id for same user session TLS session ids must change periodically when certain renegotiations occur.= This is actually a security feature. I'm not sure it is possible to disabl= e it entirely Rekha MS: what triggers these renegotiations? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3etiEACgkQHPApP6U8 pFiKsg/+MSt/JOsbkOtL/x9z9RDV85HQtj3oQK6GQY5bp66ZTsZZugkwEbUdg8wb 3IDrw4qYuuyGs+PXqqjKwd76Td9EVWYBUEbtw3HPmOx2g0g3XsfTEgKetMRSyJrh Xh6vTFb9PPwlR1Lozv+OAkQXIradAZUXxHxWY6lcR1ox1X8A8VlnzTKA1oPBL+qk 1q6coOcNuhSJ2DjFFCmaBBp75qBQMFRvcIQacChQEfT1oFdFWkt22L8tmwLF3bKZ gb8Tc4ohDkwWZUeSeiq6p6dIN8LhK7q40rJH3akEwQJGrD3dPoSojwGiLKXvOMkj 2czFC4SdJ6MJnjxh57LvKlcxwIP+heEIpF1lscGjfZn+sSzzVDRLZkgkV0hXF4aG uDIKLvETzW88mE4ddfxHICf6IAsLcz6aSR2TaGlJdNgNnsbOooLJc6+cyoA3M1oc 1FpvyzSZsckKpA6KRKqOtNlvveDSgtrTr7EmgK0a2pjAiaq69zxttGfyyOwcKIQw aozuJBRH4mtP1HAT+4EKeUAUHtuPUXeGMJwoFa4MDMu2+HT9krIFB9kcixDuPy5k 6CFfPkXcVCN+XcChWYrI9HJ0vKRh0DzVVEB14RG/8V+oSXUM0+imJdC2I4QFBI0r y1ssOJkam+ZzP+fc5Mz1v/hbbLmX2Y1pe4d/FLNF91l+IXRsKOY=3D =3DJ9i5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org