From users-return-268835-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Thu Nov 28 06:33:56 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id D724118064C for ; Thu, 28 Nov 2019 07:33:55 +0100 (CET) Received: (qmail 48255 invoked by uid 500); 28 Nov 2019 06:33:51 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 48240 invoked by uid 99); 28 Nov 2019 06:33:51 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Nov 2019 06:33:51 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 97BD3C01C4 for ; Thu, 28 Nov 2019 06:33:50 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.9 X-Spam-Level: X-Spam-Status: No, score=-0.9 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=dell.com Received: from mx1-he-de.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id oV532MQDfB-Z for ; Thu, 28 Nov 2019 06:33:45 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=148.163.137.20; helo=mx0b-00154904.pphosted.com; envelope-from=rekha.ms@dell.com; receiver= Received: from mx0b-00154904.pphosted.com (mx0b-00154904.pphosted.com [148.163.137.20]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id 285987DD97 for ; Thu, 28 Nov 2019 06:33:45 +0000 (UTC) Received: from pps.filterd (m0170395.ppops.net [127.0.0.1]) by mx0b-00154904.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xAS6U8AS004246 for ; Thu, 28 Nov 2019 01:33:39 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dell.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=smtpout1; bh=Hx4a30H3aHz+eX2Knx0Xl9xiiPEkPDWPum2vtPPPfC0=; b=SLAJ8qk5nsD+2CLBsumwfPoZUTEZAtmcV+Rr33QLE7RqEJZGjyOciTxZTLeo8L1kaxZ0 05u2ldV57FNboUJwtx4vpieEK86YnlfDwgbBDfYSV5P/epJfIAU4Fr8WuMCXmxi/niVl +7qqWbJ9ur3vnW1g/DB/vgCGZbNNte6btD++7UYZuJmNiaRjERaaknk8GEAZ20KkHkgF FTjKG8Vk5u7ybkmQpYDor6c8/qsbjVgjsP8qKyPaUmj2FADb7dekyc7eznwfnzF3/jcI KEH7YtYPBA2cxGF+i1hkZZpTKBCRUZhC58B/GNgGdDRgE+mHI7vc3SGXLO2W0FRenYOM Cw== Received: from mx0b-00154901.pphosted.com (mx0b-00154901.pphosted.com [67.231.157.37]) by mx0b-00154904.pphosted.com with ESMTP id 2whd056g75-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 28 Nov 2019 01:33:39 -0500 Received: from pps.filterd (m0144104.ppops.net [127.0.0.1]) by mx0b-00154901.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xAS6RnPj150809 for ; Thu, 28 Nov 2019 01:33:38 -0500 Received: from ausxippc110.us.dell.com (AUSXIPPC110.us.dell.com [143.166.85.200]) by mx0b-00154901.pphosted.com with ESMTP id 2whurya9v9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Thu, 28 Nov 2019 01:33:38 -0500 X-LoopCount0: from 10.166.135.114 X-PREM-Routing: D-Outbound X-IronPort-AV: E=Sophos;i="5.60,349,1549951200"; d="scan'208";a="888057482" From: To: Subject: RE: FW: tomcat creating new ssl session id for same session Thread-Topic: FW: tomcat creating new ssl session id for same session Thread-Index: AdWlCHy+I+xevj2pTkeFYn1xot54dwAAv4dAAAQ0lYAAJcp8sA== Date: Thu, 28 Nov 2019 06:33:33 +0000 Message-ID: References: <9dc89fafe5db4db3a54dc95f2ad3d66e@BLRX13MDC401.AMER.DELL.COM> <05c6a72c9c8d4419afae4cc8288852e9@BLRX13MDC401.AMER.DELL.COM> <29242956-b20d-69d4-c9a1-6efe730daa01@christopherschultz.net> In-Reply-To: <29242956-b20d-69d4-c9a1-6efe730daa01@christopherschultz.net> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: aiplabel=Highly Restricted Visual Marking; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_Extended_MSFT_Method=Manual; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_Parent=f4833c3c-263a-4874-9587-e0c458bf5585; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_Application=Microsoft Azure Information Protection; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_Name=Visual Marking; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_SetDate=2019-11-28T06:32:19.2007285Z; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_Owner=Rekha_MS@Dell.com; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd; MSIP_Label_7a22faee-36a7-4809-bb8e-fa7f71ee20aa_Enabled=True; MSIP_Label_f4833c3c-263a-4874-9587-e0c458bf5585_Extended_MSFT_Method=Manual; MSIP_Label_f4833c3c-263a-4874-9587-e0c458bf5585_Application=Microsoft Azure Information Protection; MSIP_Label_f4833c3c-263a-4874-9587-e0c458bf5585_Name=Highly Restricted; MSIP_Label_f4833c3c-263a-4874-9587-e0c458bf5585_SetDate=2019-11-28T06:32:19.2007285Z; MSIP_Label_f4833c3c-263a-4874-9587-e0c458bf5585_Owner=Rekha_MS@Dell.com; MSIP_Label_f4833c3c-263a-4874-9587-e0c458bf5585_SiteId=945c199a-83a2-4e80-9f8c-5a91be5752dd; MSIP_Label_f4833c3c-263a-4874-9587-e0c458bf5585_Enabled=True x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [163.244.186.30] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,18.0.572 definitions=2019-11-27_07:2019-11-27,2019-11-27 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 malwarescore=0 suspectscore=0 priorityscore=1501 lowpriorityscore=0 mlxscore=0 bulkscore=0 adultscore=0 spamscore=0 impostorscore=0 clxscore=1015 mlxlogscore=899 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1911280053 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 malwarescore=0 mlxscore=0 suspectscore=0 bulkscore=0 mlxlogscore=999 lowpriorityscore=0 impostorscore=0 adultscore=0 phishscore=0 spamscore=0 clxscore=1015 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1911280053 Highly Restricted - Confidential Thanks for your prompt reply. Please find my response inline. -----Original Message----- From: Christopher Schultz =20 Sent: Wednesday, November 27, 2019 11:15 PM To: users@tomcat.apache.org Subject: Re: FW: tomcat creating new ssl session id for same session -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Rekha, On 11/27/19 05:15, Rekha.MS@Dell.com wrote: > I am using javax.servlet.request.ssl_session_id for session=20 > validation. But tomcat creating new ssl session id and user session=20 > validation is failing. How are you performing the validation? Rekha MS: Ssl_session_id is used for validation. What is the order-of-events that you are observing? Rekha MS : Ssl_session_id is same for some requests and then it changes aft= er some time. What version of Tomcat, and what kind of are you using? Rekha MS: Tomcat 8.5.15 , Nio connector(Http11NioProtocol to be specific) > Please let me know when tomcat creates new ssl session id and how by=20 > mandate it to use same ssl session id for same user session TLS session ids must change periodically when certain renegotiations occur.= This is actually a security feature. I'm not sure it is possible to disabl= e it entirely Rekha MS: what triggers these renegotiations? - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3etiEACgkQHPApP6U8 pFiKsg/+MSt/JOsbkOtL/x9z9RDV85HQtj3oQK6GQY5bp66ZTsZZugkwEbUdg8wb 3IDrw4qYuuyGs+PXqqjKwd76Td9EVWYBUEbtw3HPmOx2g0g3XsfTEgKetMRSyJrh Xh6vTFb9PPwlR1Lozv+OAkQXIradAZUXxHxWY6lcR1ox1X8A8VlnzTKA1oPBL+qk 1q6coOcNuhSJ2DjFFCmaBBp75qBQMFRvcIQacChQEfT1oFdFWkt22L8tmwLF3bKZ gb8Tc4ohDkwWZUeSeiq6p6dIN8LhK7q40rJH3akEwQJGrD3dPoSojwGiLKXvOMkj 2czFC4SdJ6MJnjxh57LvKlcxwIP+heEIpF1lscGjfZn+sSzzVDRLZkgkV0hXF4aG uDIKLvETzW88mE4ddfxHICf6IAsLcz6aSR2TaGlJdNgNnsbOooLJc6+cyoA3M1oc 1FpvyzSZsckKpA6KRKqOtNlvveDSgtrTr7EmgK0a2pjAiaq69zxttGfyyOwcKIQw aozuJBRH4mtP1HAT+4EKeUAUHtuPUXeGMJwoFa4MDMu2+HT9krIFB9kcixDuPy5k 6CFfPkXcVCN+XcChWYrI9HJ0vKRh0DzVVEB14RG/8V+oSXUM0+imJdC2I4QFBI0r y1ssOJkam+ZzP+fc5Mz1v/hbbLmX2Y1pe4d/FLNF91l+IXRsKOY=3D =3DJ9i5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org