[VOTE] Release Apache Tomcat 9.0.13

markt
The proposed Apache Tomcat 9.0.13 release is now available for voting.

The major changes compared to the 9.0.13 release are:

- support for TLSv1.3 when used with a JRE or OpenSSL version that
  supports it

- added support for encrypting cluster traffic

- added automatic reloading of tomcat-users.xml after a change


Along with lots of other bug fixes and improvements.

For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1196/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/

The proposed 9.0.13 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.13

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: [VOTE] Release Apache Tomcat 9.0.13

Rémy Maucherat
On Fri, Nov 2, 2018 at 5:11 PM Mark Thomas <[hidden email]> wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13
>
Looks fine to me. I'll wait until this is officially released before
adding any refactoring.

Rémy

Re: [VOTE] Release Apache Tomcat 9.0.13

markt
On 02/11/2018 16:11, Mark Thomas wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13

Unit tests pass on Linux, Windows and MacOS for NIO, NIO2 and APR/native
with Tomcat Native 1.2.18 built with OpenSSL 1.1.1.

Mark


Re: [VOTE] Release Apache Tomcat 9.0.13

Igal Sapir
On Fri, Nov 2, 2018 at 9:11 AM Mark Thomas <[hidden email]> wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
>
I am getting the same test case failures as before, so it doesn't look like
a regression to me:
   [concat] Testsuites with failed tests:
   [concat]
TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
   [concat]
TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
[2]

(details below)


> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13
>
>
Assuming that my assessment of the failures is correct, my non-binding vote
is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.

Igal

[1] Testsuite: org.apache.tomcat.util.net.openssl.ciphers.TestCipher
Tests run: 3, Failures: 2, Errors: 0, Skipped: 0, Time elapsed: 0.586 sec

Testcase: testNames took 0.077 sec
Testcase: testAllOpenSSLCiphersMapped took 0.304 sec
        FAILED
No mapping found in IBM's JSSE implementation for
ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 when one was expected

junit.framework.AssertionFailedError: No mapping found in IBM's JSSE
implementation for ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 when one was expected

        at
org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testAllOpenSSLCiphersMapped(TestCipher.java:65)

Testcase: testOpenSSLCipherAvailability took 0.063 sec
        FAILED
ECDHE-ECDSA-DES-CBC3-SHA+TLSv1 PSK-3DES-EDE-CBC-SHA+SSLv3
SRP-DSS-3DES-EDE-CBC-SHA+SSLv3 DHE-PSK-3DES-EDE-CBC-SHA+SSLv3
DHE-RSA-DES-CBC3-SHA+SSLv3 RSA-PSK-3DES-EDE-CBC-SHA+SSLv3
DHE-DSS-DES-CBC3-SHA+SSLv3 ECDHE-RSA-DES-CBC3-SHA+TLSv1
AECDH-DES-CBC3-SHA+TLSv1 ADH-DES-CBC3-SHA+SSLv3
ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1 SRP-3DES-EDE-CBC-SHA+SSLv3
DES-CBC3-SHA+SSLv3 SRP-RSA-3DES-EDE-CBC-SHA+SSLv3  expected:<0> but was:<14>
junit.framework.AssertionFailedError: ECDHE-ECDSA-DES-CBC3-SHA+TLSv1
PSK-3DES-EDE-CBC-SHA+SSLv3 SRP-DSS-3DES-EDE-CBC-SHA+SSLv3
DHE-PSK-3DES-EDE-CBC-SHA+SSLv3 DHE-RSA-DES-CBC3-SHA+SSLv3
RSA-PSK-3DES-EDE-CBC-SHA+SSLv3 DHE-DSS-DES-CBC3-SHA+SSLv3
ECDHE-RSA-DES-CBC3-SHA+TLSv1 AECDH-DES-CBC3-SHA+TLSv1
ADH-DES-CBC3-SHA+SSLv3 ECDHE-PSK-3DES-EDE-CBC-SHA+TLSv1
SRP-3DES-EDE-CBC-SHA+SSLv3 DES-CBC3-SHA+SSLv3
SRP-RSA-3DES-EDE-CBC-SHA+SSLv3  expected:<0> but was:<14>
        at
org.apache.tomcat.util.net.openssl.ciphers.TestCipher.testOpenSSLCipherAvailability(TestCipher.java:108)

[2] Testsuite:
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser
Tests run: 86, Failures: 33, Errors: 0, Skipped: 1, Time elapsed: 2.621 sec
------------- Standard Error -----------------
Error in cipher list
139645700503360:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match:ssl/ssl_lib.c:2193:

------------- ---------------- ---------------

Testcase: testARIA128 took 0.186 sec
Testcase: testARIA256 took 0.018 sec
Testcase: testkECDHE took 0.026 sec
    FAILED
Expected 27 ciphers but got 30 for the specification 'kECDHE'
expected:<[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS_ECDH_anon_WITH_NULL_SHA]> but
was:<[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_NULL_SHA]>
junit.framework.AssertionFailedError: Expected 27 ciphers but got 30 for
the specification 'kECDHE' expected:<[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS_ECDH_anon_WITH_NULL_SHA]> but
was:<[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_NULL_SHA]>
    at
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.testSpecification(TestOpenSSLCipherConfigurationParser.java:588)
    at
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.testkECDHE(TestOpenSSLCipherConfigurationParser.java:202)

Testcase: testkECDHe took 0.034 sec
Testcase: testkECDHr took 0.032 sec
Testcase: testkEECDH took 0.028 sec
    FAILED
Expected 27 ciphers but got 30 for the specification 'kEECDH'
expected:<[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS_ECDH_anon_WITH_NULL_SHA]> but
was:<[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_NULL_SHA]>
junit.framework.AssertionFailedError: Expected 27 ciphers but got 30 for
the specification 'kEECDH' expected:<[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS_ECDH_anon_WITH_NULL_SHA]> but
was:<[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_NULL_SHA]>
    at
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.testSpecification(TestOpenSSLCipherConfigurationParser.java:588)
    at
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.testkEECDH(TestOpenSSLCipherConfigurationParser.java:190)

Testcase: testGOST89MAC took 0.027 sec
Testcase: testCHACHA20 took 0.041 sec
Testcase: testADH took 0.017 sec
    FAILED

<snip/>
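
Added example, not part of the original thread or of Tomcat's test suite: a Python helper that parses the `expected:<[...]> but was:<[...]>` message from the failing test output above and reports which suites account for the count mismatch. The sample message is constructed (shortened to a few suites) and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: same shape as the JUnit assertion message in the post
# above, shortened to a few suites and line-wrapped the way the mail was.
SAMPLE = """Expected 4 ciphers but got 7 for the specification 'kECDHE'
expected:<[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_NULL_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA]> but
was:<[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
TLS_ECDH_anon_WITH_AES_128_CBC_SHA]>
"""

# Leading "> ", ">>> " or "> >> " markers, so text copied from a reply also parses.
_QUOTE_PREFIX = re.compile(r"^[ \t]*(?:>[ \t]?)+", re.MULTILINE)
# The two bracketed lists; DOTALL because the lists span several lines.
_LISTS = re.compile(r"expected:<\[(.*?)\]>\s+but\s+was:<\[(.*?)\]>", re.DOTALL)


def _names(blob):
    # Suite names contain no whitespace, so line wraps only fall between names.
    return [n.strip() for n in blob.split(",") if n.strip()]


def cipher_and_mac(suite):
    """Return the part of a suite name after _WITH_, e.g. 3DES_EDE_CBC_SHA."""
    return suite.split("_WITH_", 1)[1] if "_WITH_" in suite else suite


def diff_cipher_lists(message):
    """Compare the expected and actual suite lists in one assertion message."""
    text = _QUOTE_PREFIX.sub("", message)
    m = _LISTS.search(text)
    if m is None:
        raise ValueError("no 'expected:<[...]> but was:<[...]>' pair found")
    expected, actual = _names(m.group(1)), _names(m.group(2))
    unexpected = sorted(set(actual) - set(expected))
    missing = sorted(set(expected) - set(actual))
    return {
        "expected_count": len(expected),
        "actual_count": len(actual),
        "unexpected": unexpected,   # enabled by the tested library, not expected
        "missing": missing,         # expected by the test, not offered
        "unexpected_by_cipher": dict(Counter(cipher_and_mac(s) for s in unexpected)),
    }


if __name__ == "__main__":
    report = diff_cipher_lists(SAMPLE)
    print(f"expected {report['expected_count']}, got {report['actual_count']}")
    for suite in report["unexpected"]:
        print("  unexpected:", suite)
    for suite in report["missing"]:
        print("  missing:   ", suite)
    print("  grouped:", report["unexpected_by_cipher"])
```

Run on the full kECDHE message from the post, the unexpected entries are TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA and TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA.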

Re: [VOTE] Release Apache Tomcat 9.0.13

markt
On 02/11/2018 22:39, Igal Sapir wrote:

<snip/>

> I am getting the same test case failures as before, so it doesn't look like
> a regression to me:
>    [concat] Testsuites with failed tests:
>    [concat]
> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
>    [concat]
> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
> [2]
>
> (details below)
>
>
>> The proposed 9.0.13 release is:
>> [ ] Broken - do not release
>> [X] Stable - go ahead and release as 9.0.13
>>
>>
> Assuming that my assessment of the failures is correct, my non-binding vote
> is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.

Which JDK are you using? It looks like an IBM one. It has been a while
since I tested things with an IBM JDK so some updates might be required.
A FIPS enabled OpenSSL might also cause some failures as it might
disable some ciphers.

Mark


Re: [VOTE] Release Apache Tomcat 9.0.13

Igal Sapir
On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <[hidden email]> wrote:

> On 02/11/2018 22:39, Igal Sapir wrote:
>
> <snip/>
>
> > I am getting the same test case failures as before, so it doesn't look like
> > a regression to me:
> >    [concat] Testsuites with failed tests:
> >    [concat]
> > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
> >    [concat]
> > TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
> > [2]
> >
> > (details below)
> >
> >
> >> The proposed 9.0.13 release is:
> >> [ ] Broken - do not release
> >> [X] Stable - go ahead and release as 9.0.13
> >>
> >>
> > Assuming that my assessment of the failures is correct, my non-binding vote
> > is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
>
> Which JDK are you using? It looks like an IBM one. It has been a while
> since I tested things with an IBM JDK so some updates might be required.
>

I am pretty sure that I've never installed the IBM JDK on any machine.
This one IIRC is from Oracle:

$ javac -version
javac 1.8.0_181
$ java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

I will upgrade to u191 from Oracle and then test again.


> A FIPS enabled OpenSSL might also cause some failures as it might
> disable some ciphers.
>

I am guessing by the version name of OpenSSL that FIPS is enabled:

$ openssl version
OpenSSL 1.1.0i-fips  14 Aug 2018

$ uname -a
Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux

Should I make a mental note that these are false positives or should we
pursue it further and update the test cases to remove ciphers that should
not be used?

Thanks,

Igal

Re: [VOTE] Release Apache Tomcat 9.0.13

markt
On 03/11/2018 16:20, Igal Sapir wrote:

> On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <[hidden email]> wrote:
>
>> On 02/11/2018 22:39, Igal Sapir wrote:
>>
>> <snip/>
>>
>>> I am getting the same test case failures as before, so it doesn't look like
>>> a regression to me:
>>>    [concat] Testsuites with failed tests:
>>>    [concat]
>>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
>>>    [concat]
>>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
>>> [2]
>>>
>>> (details below)
>>>
>>>
>>>> The proposed 9.0.13 release is:
>>>> [ ] Broken - do not release
>>>> [X] Stable - go ahead and release as 9.0.13
>>>>
>>>>
>>> Assuming that my assessment of the failures is correct, my non-binding vote
>>> is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
>>
>> Which JDK are you using? It looks like an IBM one. It has been a while
>> since I tested things with an IBM JDK so some updates might be required.
>>
>
> I am pretty sure that I've never installed the IBM JDK on any machine.
> This one IIRC is from Oracle:
>
> $ javac -version
> javac 1.8.0_181
> $ java -version
> java version "1.8.0_181"
> Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
> Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
>
> I will upgrade to u191 from Oracle and then test again.
>
>
>> A FIPS enabled OpenSSL might also cause some failures as it might
>> disable some ciphers.
>>
>
> I am guessing by the version name of OpenSSL that FIPS is enabled:
>
> $ openssl version
> OpenSSL 1.1.0i-fips  14 Aug 2018

That is very odd as the only OpenSSL branch that is FIPS certified is 1.0.2.

> $ uname -a
> Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
> x86_64 x86_64 x86_64 GNU/Linux
>
> Should I make a mental note that these are false positives or should we
> pursue it further and update the test cases to remove ciphers that should
> not be used?

They look like false positives at this point.

Now is probably a good time to complete the planned expansion of unit
tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
versions.

Mark


Re: [VOTE] Release Apache Tomcat 9.0.13

Igal Sapir
On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas <[hidden email]> wrote:

> On 03/11/2018 16:20, Igal Sapir wrote:
> > On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <[hidden email]> wrote:
> >
> >> On 02/11/2018 22:39, Igal Sapir wrote:
> >>
> >> <snip/>
> >>
> >>> I am getting the same test case failures as before, so it doesn't look like
> >>> a regression to me:
> >>>    [concat] Testsuites with failed tests:
> >>>    [concat]
> >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt [1]
> >>>    [concat]
> >>> TEST-org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
> >>> [2]
> >>>
> >>> (details below)
> >>>
> >>>
> >>>> The proposed 9.0.13 release is:
> >>>> [ ] Broken - do not release
> >>>> [X] Stable - go ahead and release as 9.0.13
> >>>>
> >>>>
> >>> Assuming that my assessment of the failures is correct, my non-binding vote
> >>> is Stable.  Tested on Fedora 28 with OpenSSL 1.1.0i-fips.
> >>
> >> Which JDK are you using? It looks like an IBM one. It has been a while
> >> since I tested things with an IBM JDK so some updates might be required.
> >>
> >
> > I am pretty sure that I've never installed the IBM JDK on any machine.
> > This one IIRC is from Oracle:
> >
> > $ javac -version
> > javac 1.8.0_181
> > $ java -version
> > java version "1.8.0_181"
> > Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
> > Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
> >
> > I will upgrade to u191 from Oracle and then test again.
> >
> >
> >> A FIPS enabled OpenSSL might also cause some failures as it might
> >> disable some ciphers.
> >>
> >
> > I am guessing by the version name of OpenSSL that FIPS is enabled:
> >
> > $ openssl version
> > OpenSSL 1.1.0i-fips  14 Aug 2018
>
> That is very odd as the only OpenSSL branch that is FIPS certified is
> 1.0.2.
>
> > $ uname -a
> > Linux local 4.18.16-200.fc28.x86_64 #1 SMP Sat Oct 20 23:53:47 UTC 2018
> > x86_64 x86_64 x86_64 GNU/Linux
> >
> > Should I make a mental note that these are false positives or should we
> > pursue it further and update the test cases to remove ciphers that should
> > not be used?
>
> They look like false positives at this point.
>

Is it possible to mark some test cases as "Warnings" rather than "Errors"?
So that if they fail they will not fail the whole test?


> Now is probably a good time to complete the planned expansion of unit
> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
> versions.
>

I'd be happy to help if given some guidance

Best,

Igal

Re: [VOTE] Release Apache Tomcat 9.0.13

markt
On 03/11/2018 16:54, Igal Sapir wrote:
> On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas <[hidden email]> wrote:
>> On 03/11/2018 16:20, Igal Sapir wrote:
>>> On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <[hidden email]> wrote:
>>>> On 02/11/2018 22:39, Igal Sapir wrote:

<snip/>

>>> Should I make a mental note that these are false positives or should we
>>> pursue it further and update the test cases to remove ciphers that should
>>> not be used?
>>
>> They look like false positives at this point.
>>
>
> Is it possible to mark some test cases as "Warnings" rather than "Errors"?
> So that if they fail they will not fail the whole test?

Not that I am aware of.

>> Now is probably a good time to complete the planned expansion of unit
>> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
>> versions.
>
> I'd be happy to help if given some guidance

(Note: Gump seems to be having issues performing 'svn up' at the moment.
Check any failures carefully in case this is the cause.)

The plan was as follows:
- Build all current OpenSSL versions (currently 4)
- Build Tomcat Native 1.2.x for each OpenSSL version (i.e. 4)
- No Tomcat Native 1.1.x builds
- Test 9.0.x with all Native/OpenSSL combinations (i.e. 4)
- Test 8.5.x with Native/OpenSSL 1.1.1 (latest LTS)
- Test 7.0.x with Native/OpenSSL 1.0.2 (other LTS)

The OpenSSL build and Tomcat Native builds with each OpenSSL version
have already been configured.

The Tomcat Native 1.1.x build has been disabled.

The 8.5.x and 7.0.x are configured as desired. So it is just 9.0.x that
needs completing. It should, largely, be a copy/paste exercise:

The Gump metadata is here:
http://svn.apache.org/repos/asf/gump/metadata/project/

All ASF committers have write access.

There is one file for each major Tomcat version.
Each <project .../> block represents one Tomcat build or one test run.

If you look in tomcat-trunk.xml you will see
<project name="tomcat-trunk-test-apr">

This runs the unit tests with the APR connector. It is configured with:
<property name="test.openssl.path" project="openssl-make-install"
          id="openssl" reference="outputpath"/>
<property name="test.apr.loc" project="tomcat-native-trunk-make-install"
          reference="home"/>

which means it uses Tomcat Native build with OpenSSL master (or just
OpenSSL master when using OpenSSL directly) for the tests.

Currently we have:

Tomcat 9.0.x testing APR/native with OpenSSL master

This needs to be expanded to:
Tomcat 9.0.x testing APR/native with
 - OpenSSL master
 - OpenSSL 1.1.1
 - OpenSSL 1.1.0
 - OpenSSL 1.0.2

We also have NIO tests running with JSSE. It would be prudent to add 4
more test runs for each of the OpenSSL versions with NIO as well.

Essentially, you edit the metadata file and then wait until the next
test run (they run at 0000, 0600, 1200 and 1800 UTC) and see if it
worked. Repeat until all the test runs are passing.

Mark
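
The expansion described above is a copy/paste exercise in which each new test project must point both `test.openssl.path` and `test.apr.loc` at builds of the same OpenSSL version. The following check is an added example, not part of the message or of the Gump metadata: it parses a metadata file and reports OpenSSL versions with no APR test run, plus runs whose two properties disagree. Only `tomcat-trunk-test-apr`, `openssl-make-install` and `tomcat-native-trunk-make-install` come from the thread; all other project names, the `<module>` wrapper and the sample XML are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# OpenSSL build project -> Tomcat Native build linked against it.
# Only the first pair appears in the thread; the rest are hypothetical names.
REQUIRED = {
    "openssl-make-install": "tomcat-native-trunk-make-install",
    "openssl-1.1.1-make-install": "tomcat-native-1.1.1-make-install",
    "openssl-1.1.0-make-install": "tomcat-native-1.1.0-make-install",
    "openssl-1.0.2-make-install": "tomcat-native-1.0.2-make-install",
}

# Constructed sample: master and 1.1.1 are wired correctly, the 1.1.0 run
# still points test.apr.loc at the trunk Native build, 1.0.2 is absent.
SAMPLE = """<module name="tomcat-trunk">
  <project name="tomcat-trunk-test-apr">
    <property name="test.openssl.path" project="openssl-make-install"
              id="openssl" reference="outputpath"/>
    <property name="test.apr.loc" project="tomcat-native-trunk-make-install"
              reference="home"/>
  </project>
  <project name="tomcat-trunk-test-apr-111">
    <property name="test.openssl.path" project="openssl-1.1.1-make-install"
              id="openssl" reference="outputpath"/>
    <property name="test.apr.loc" project="tomcat-native-1.1.1-make-install"
              reference="home"/>
  </project>
  <project name="tomcat-trunk-test-apr-110">
    <property name="test.openssl.path" project="openssl-1.1.0-make-install"
              id="openssl" reference="outputpath"/>
    <property name="test.apr.loc" project="tomcat-native-trunk-make-install"
              reference="home"/>
  </project>
</module>"""

def audit(xml_text, required=REQUIRED):
    """Return (OpenSSL builds with no matching APR run, mis-paired runs)."""
    covered, mismatched = set(), []
    for proj in ET.fromstring(xml_text).iter("project"):
        props = {p.get("name"): p.get("project") for p in proj.iter("property")}
        openssl, native = props.get("test.openssl.path"), props.get("test.apr.loc")
        if openssl is None or native is None:
            continue  # assumption: only APR test runs set both properties
        if required.get(openssl) == native:
            covered.add(openssl)
        else:
            mismatched.append(proj.get("name"))
    return sorted(set(required) - covered), mismatched

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A mis-paired run is worth flagging separately from a missing one: its test results would be reported under one OpenSSL version while the Native library was built against another.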


Re: [VOTE] Release Apache Tomcat 9.0.13

Igal Sapir
Mark,

On Sat, Nov 3, 2018 at 10:37 AM Mark Thomas <[hidden email]> wrote:

> On 03/11/2018 16:54, Igal Sapir wrote:
> > On Sat, Nov 3, 2018 at 9:28 AM Mark Thomas <[hidden email]> wrote:
> >> On 03/11/2018 16:20, Igal Sapir wrote:
> >>> On Sat, Nov 3, 2018 at 3:50 AM Mark Thomas <[hidden email]> wrote:
> >>>> On 02/11/2018 22:39, Igal Sapir wrote:
>
> <snip/>
>
> >> Now is probably a good time to complete the planned expansion of unit
> >> tests on Gump for Tomcat Native so we have coverage of all the OpenSSL
> >> versions.
> >
> > I'd be happy to help if given some guidance
>
> (Note: Gump seems to be having issues performing 'svn up' at the moment.
> Check any failures carefully in case this is the cause.)
>
> The plan was as follows:
> - Build all current OpenSSL versions (currently 4)
> - Build Tomcat Native 1.2.x for each OpenSSL version (i.e. 4)
> - No Tomcat Native 1.1.x builds
> - Test 9.0.x with all Native/OpenSSL combinations (i.e. 4)
> - Test 8.5.x with Native/OpenSSL 1.1.1 (latest LTS)
> - Test 7.0.x with Native/OpenSSL 1.0.2 (other LTS)
>
> The OpenSSL build and Tomcat Native builds with each OpenSSL version
> have already been configured.
>
> The Tomcat Native 1.1.x build has been disabled.
>
> The 8.5.x and 7.0.x are configured as desired. So it is just 9.0.x that
> needs completing. It should, largely, be a copy/paste exercise:
>
> The Gump metadata is here:
> http://svn.apache.org/repos/asf/gump/metadata/project/
>
> All ASF committers have write access.
>
> There is one file for each major Tomcat version.
> Each <project .../> block represents one Tomcat build or one test run.
>
> If you look in tomcat-trunk.xml you will see
> <project name="tomcat-trunk-test-apr">
>
> This runs the unit tests with the APR connector. It is configured with:
> <property name="test.openssl.path" project="openssl-make-install"
>           id="openssl" reference="outputpath"/>
> <property name="test.apr.loc" project="tomcat-native-trunk-make-install"
>           reference="home"/>
>
> which means it uses Tomcat Native build with OpenSSL master (or just
> OpenSSL master when using OpenSSL directly) for the tests.
>
> Currently we have:
>
> Tomcat 9.0.x testing APR/native with OpenSSL master
>
> This needs to be expanded to:
> Tomcat 9.0.x testing APR/native with
>  - OpenSSL master
>  - OpenSSL 1.1.1
>  - OpenSSL 1.1.0
>  - OpenSSL 1.0.2
>
> We also have NIO tests running with JSSE. It would be prudent to add 4
> more test runs for each of the OpenSSL versions with NIO as well.
>
> Essentially, you edit the metadata file and then wait until the next
> test run (they run at 0000, 0600, 1200 and 1800 UTC) and see if it
> worked. Repeat until all the test runs are passing.
>

Thank you for the detailed information.  I will be travelling in the coming
days but will look into this and hopefully make myself useful as soon as I
can.

Thanks,

Igal

Re: [VOTE] Release Apache Tomcat 9.0.13

Violeta Georgieva
In reply to this post by markt
Hi,

On Fri, 2.11.2018 at 18:11, Mark Thomas <[hidden email]> wrote:

>
> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.13

+1

Regards,
Violeta

Re: [VOTE] Release Apache Tomcat 9.0.13

Romain Manni-Bucau
+1 (non-binding), tested on meecrowave and some work projects

Romain Manni-Bucau
@rmannibucau <https://twitter.com/rmannibucau> |  Blog
<https://rmannibucau.metawerx.net/> | Old Blog
<http://rmannibucau.wordpress.com> | Github <https://github.com/rmannibucau> |
LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book
<https://www.packtpub.com/application-development/java-ee-8-high-performance>


On Mon, Nov 5, 2018 at 08:26, Violeta Georgieva <[hidden email]> wrote:

> Hi,
>
> On Fri, 2.11.2018 at 18:11, Mark Thomas <[hidden email]> wrote:
> >
> > The proposed Apache Tomcat 9.0.13 release is now available for voting.
> >
> > The major changes compared to the 9.0.13 release are:
> >
> > - support for TLSv1.3 when used with a JRE or OpenSSL version that
> >   supports it
> >
> > - added support for encrypting cluster traffic
> >
> > - added automatic reloading of tomcat-users.xml after a change
> >
> >
> > Along with lots of other bug fixes and improvements.
> >
> > For full details, see the changelog:
> > http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> > The svn tag is:
> > http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
> >
> > The proposed 9.0.13 release is:
> > [ ] Broken - do not release
> > [X] Stable - go ahead and release as 9.0.13
>
> +1
>
> Regards,
> Violeta
>

Re: [VOTE] Release Apache Tomcat 9.0.13

Coty Sutherland
In reply to this post by markt
On Fri, Nov 2, 2018 at 12:11 PM Mark Thomas <[hidden email]> wrote:

> The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
> The major changes compared to the 9.0.13 release are:
>
> - support for TLSv1.3 when used with a JRE or OpenSSL version that
>   supports it
>
> - added support for encrypting cluster traffic
>
> - added automatic reloading of tomcat-users.xml after a change
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1196/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
> The proposed 9.0.13 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.13
>

+1



Re: [VOTE] Release Apache Tomcat 9.0.13

Rémy Maucherat
In reply to this post by Romain Manni-Bucau
On Mon, Nov 5, 2018 at 8:43 AM Romain Manni-Bucau <[hidden email]>
wrote:

> +1 (non-binding), tested on meecrowave and some work projects
>

Well, I guess "ads" are useful sometimes. I looked at the code of
meecrowave just right now, and it looks like my embedded improvements are
relevant and could avoid a number of hacks/problems that had to be solved
the hard way. Hopefully, they won't break any existing code either.

Rémy

Re: [VOTE] Release Apache Tomcat 9.0.13

Felix Schumacher
In reply to this post by markt


On 2 November 2018 17:11:40 CET, Mark Thomas <[hidden email]> wrote:

>The proposed Apache Tomcat 9.0.13 release is now available for voting.
>
>The major changes compared to the 9.0.13 release are:
>
>- support for TLSv1.3 when used with a JRE or OpenSSL version that
>  supports it
>
>- added support for encrypting cluster traffic
>
>- added automatic reloading of tomcat-users.xml after a change
>
>
>Along with lots of other bug fixes and improvements.
>
>For full details, see the changelog:
>http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
>It can be obtained from:
>https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.13/
>The Maven staging repo is:
>https://repository.apache.org/content/repositories/orgapachetomcat-1196/
>The svn tag is:
>http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_13/
>
>The proposed 9.0.13 release is:
>[ ] Broken - do not release
>[x] Stable - go ahead and release as 9.0.13

Regards,
Felix


Re: [VOTE] Release Apache Tomcat 9.0.13

markt
In reply to this post by markt
The following votes were cast:

Binding:
+1: remm, markt, violetagg, csutherl, fschumacher

Non-binding:
+1: isapir, rmannibucau

The vote therefore passes.

Thank you to everyone who contributed to this release.

Mark


[VOTE][RESULT] Release Apache Tomcat 9.0.13

markt
Just adding [RESULT] to the subject for the benefit of the archives.

Mark


On 07/11/2018 23:04, Mark Thomas wrote:

> The following votes were cast:
>
> Binding:
> +1: remm, markt, violetagg, csutherl, fschumacher
>
> Non-binding:
> +1: isapir, rmannibucau
>
> The vote therefore passes.
>
> Thank you to everyone who contributed to this release.
>
> Mark
>