Skip to content

Instantly share code, notes, and snippets.

View MikeN123's full-sized avatar

Mike Noordermeer MikeN123

  • Netherlands
  • 07:19 (UTC +02:00)
View GitHub Profile
Default Cipher
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="conf/keystore.jks" keystorePass="changeit"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
diff -ru tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c tomcat-native-1.1.29-src/jni/native/src/sslcontext.c
--- tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c 2013-02-05 14:49:48.000000000 +0100
+++ tomcat-native-1.1.29-src/jni/native/src/sslcontext.c 2014-02-04 23:03:29.000000000 +0100
@@ -151,6 +151,11 @@
(unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
&(c->context_id[0]), NULL, EVP_sha1(), NULL);
if (mode) {
+ /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
+ EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
#
# Install the necessary dependencies
# Make sure to use a recent OpenSSL (1.0.1+)
# These deps are for a Debian based system
#
apt-get install build-essential libapr1-dev libssl-dev
#
# Download and unzip Tomcat Native (replace version number where necessary)
#
<Connector port="8443" protocol="HTTP/1.1"
connectionTimeout="20000" keepAliveTimeout="120000"
SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" SSLProtocol="SSLv3+TLSv1"
SSLCertificateFile="conf/certificate.pem"
SSLCertificateKeyFile="conf/key.pem"
SSLCertificateChainFile="conf/chain.pem"
SSLCipherSuite="<<see https://wiki.mozilla.org/Security/Server_Side_TLS>>"
SSLHonorCipherOrder="true" SSLDisableCompression="true"
/>
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.core.PriorityOrdered;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
/**
* This postprocessor sets {@code useSuffixPatternMatch} and {@code useTrailingSlashMatch} to {@code false}, so we have
* exact URL matching. This prevents 404's, wrong base URL's, and automatic matching on extensions (.json), which is
* useful when using {@code PathParam}s.
*
@MikeN123
MikeN123 / lastfm.py
Last active August 29, 2015 14:07 — forked from praseodym/lastfm.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# a last.fm now playing script originally written by Brandon Sutton
# some modifications by lifning
# and more modifications by praseodym
import urllib2
import sys
Index: src/main/net/sourceforge/jtds/ssl/Ssl.java
===================================================================
--- src/main/net/sourceforge/jtds/ssl/Ssl.java (revision 1289)
+++ src/main/net/sourceforge/jtds/ssl/Ssl.java (working copy)
@@ -44,6 +44,8 @@
String SSL_AUTHENTICATE = "authenticate";
/** Size of TLS record header. */
int TLS_HEADER_SIZE = 5;
+ /** SSLv2 Client hello message */
+ int TYPE_SSLV2CLIENTHELLO = 0x80;
[31202.487290] BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
[31202.499656] IP: [<ffffffff814e4a12>] xfrm_input+0x3d2/0x590
[31202.502444] PGD 0
[31202.503479] Oops: 0000 [#1] SMP
[31202.505121] Modules linked in: seqiv xfrm6_mode_tunnel xfrm4_mode_tunnel xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 af_key xfrm_algo act_police cls_basic cls_flow cls_fw cls_u32 sch_tbf sch_prio sch_hfsc sch_htb sch_ingress sch_sfq xt_statistic xt_CT xt_realm xt_LOG iptable_raw xt_connlimit xt_addrtype xt_comment xt_nat xt_recent ipt_ULOG ipt_REJECT ipt_MASQUERADE ipt_ECN ipt_CLUSTERIP ipt_ah nf_nat_tftp nf_nat_snmp_basic nf_conntrack_snmp nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp xt_set ip_set nf_nat_amanda nf_conntrack_tftp nf_conntrack_sip nf_conntrack_sane nf_conntrack_proto_udplite nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc ts_kmp nf_conntrack