Mike Noordermeer MikeN123

## cipherlist.txt
Default	Cipher
 	SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
*	SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
 	SSL_DHE_DSS_WITH_DES_CBC_SHA
 	SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
*	SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
 	SSL_DHE_RSA_WITH_DES_CBC_SHA
 	SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
 	SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
 	SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

## server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
   maxThreads="150" scheme="https" secure="true"
   clientAuth="false" sslProtocol="TLS" keystoreFile="conf/keystore.jks" keystorePass="changeit"
   ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
   TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
   TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />

## tomcat-native-ecdhe.patch
diff -ru tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c tomcat-native-1.1.29-src/jni/native/src/sslcontext.c
--- tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c	2013-02-05 14:49:48.000000000 +0100
+++ tomcat-native-1.1.29-src/jni/native/src/sslcontext.c	2014-02-04 23:03:29.000000000 +0100
@@ -151,6 +151,11 @@
                (unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
                &(c->context_id[0]), NULL, EVP_sha1(), NULL);
     if (mode) {
+        /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
+        EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+        SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);

## tomcat_native.sh
#
# Install the necessary dependencies
# Make sure to use a recent OpenSSL (1.0.1+)
# These deps are for a Debian based system
#
apt-get install build-essential libapr1-dev libssl-dev

#
# Download and unzip Tomcat Native (replace version number where necessary)
#

## server.xml
    <Connector port="8443" protocol="HTTP/1.1"
     connectionTimeout="20000" keepAliveTimeout="120000"
     SSLEnabled="true" scheme="https" secure="true"
     clientAuth="false" SSLProtocol="SSLv3+TLSv1"
     SSLCertificateFile="conf/certificate.pem"
     SSLCertificateKeyFile="conf/key.pem"
     SSLCertificateChainFile="conf/chain.pem"
     SSLCipherSuite="<<see https://wiki.mozilla.org/Security/Server_Side_TLS>>"
     SSLHonorCipherOrder="true" SSLDisableCompression="true"
    />

## MvcConfigurationPostProcessor.java
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.core.PriorityOrdered;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

/**
 * This postprocessor sets {@code useSuffixPatternMatch} and {@code useTrailingSlashMatch} to {@code false}, so we have
 * exact URL matching. This prevents 404's, wrong base URL's, and automatic matching on extensions (.json), which is
 * useful when using {@code PathParam}s.
 *

## p4merge4git.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                MikeN123
                / p4merge4git.md
            
            
              Created
              February 21, 2014 14:19
                — forked from tony4d/p4merge4git.md
            
          
    Download and install p4merge


Download the perforce visual tool suite from here: http://www.perforce.com/perforce/downloads/index.html
Copy only the p4merge.app file into your /Applications/ directory

Setup p4merge as a visual mergetool


## lastfm.py
#!/usr/bin/env python

# -*- coding: utf-8 -*-
# a last.fm now playing script originally written by Brandon Sutton
# some modifications by lifning
# and more modifications by praseodym

import urllib2
import sys

## jtds-ssl.diff
Index: src/main/net/sourceforge/jtds/ssl/Ssl.java
===================================================================
--- src/main/net/sourceforge/jtds/ssl/Ssl.java	(revision 1289)
+++ src/main/net/sourceforge/jtds/ssl/Ssl.java	(working copy)
@@ -44,6 +44,8 @@
     String SSL_AUTHENTICATE = "authenticate";
     /** Size of TLS record header. */
     int  TLS_HEADER_SIZE = 5;
+    /** SSLv2 Client hello message */
+    int TYPE_SSLV2CLIENTHELLO = 0x80;

## gist:2a6b23e7888d432bcc95
[31202.487290] BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
[31202.499656] IP: [<ffffffff814e4a12>] xfrm_input+0x3d2/0x590
[31202.502444] PGD 0
[31202.503479] Oops: 0000 [#1] SMP
[31202.505121] Modules linked in: seqiv xfrm6_mode_tunnel xfrm4_mode_tunnel xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 af_key xfrm_algo act_police cls_basic cls_flow cls_fw cls_u32 sch_tbf sch_prio sch_hfsc sch_htb sch_ingress sch_sfq xt_statistic xt_CT xt_realm xt_LOG iptable_raw xt_connlimit xt_addrtype xt_comment xt_nat xt_recent ipt_ULOG ipt_REJECT ipt_MASQUERADE ipt_ECN ipt_CLUSTERIP ipt_ah nf_nat_tftp nf_nat_snmp_basic nf_conntrack_snmp nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp xt_set ip_set nf_nat_amanda nf_conntrack_tftp nf_conntrack_sip nf_conntrack_sane nf_conntrack_proto_udplite nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc ts_kmp nf_conntrack
	Default Cipher
	SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
	* SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
	SSL_DHE_DSS_WITH_DES_CBC_SHA
	SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
	* SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
	SSL_DHE_RSA_WITH_DES_CBC_SHA
	SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
	SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
	SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
	<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
	maxThreads="150" scheme="https" secure="true"
	clientAuth="false" sslProtocol="TLS" keystoreFile="conf/keystore.jks" keystorePass="changeit"
	ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
	TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA" />
	diff -ru tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c tomcat-native-1.1.29-src/jni/native/src/sslcontext.c
	--- tomcat-native-1.1.29-src.orig/jni/native/src/sslcontext.c 2013-02-05 14:49:48.000000000 +0100
	+++ tomcat-native-1.1.29-src/jni/native/src/sslcontext.c 2014-02-04 23:03:29.000000000 +0100
	@@ -151,6 +151,11 @@
	(unsigned long)((sizeof SSL_DEFAULT_VHOST_NAME) - 1),
	&(c->context_id[0]), NULL, EVP_sha1(), NULL);
	if (mode) {
	+ /* Set default (nistp256) elliptic curve for ephemeral ECDH keys */
	+ EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
	+ SSL_CTX_set_tmp_ecdh(c->ctx, ecdh);
	#
	# Install the necessary dependencies
	# Make sure to use a recent OpenSSL (1.0.1+)
	# These deps are for a Debian based system
	#
	apt-get install build-essential libapr1-dev libssl-dev

	#
	# Download and unzip Tomcat Native (replace version number where necessary)
	#
	<Connector port="8443" protocol="HTTP/1.1"
	connectionTimeout="20000" keepAliveTimeout="120000"
	SSLEnabled="true" scheme="https" secure="true"
	clientAuth="false" SSLProtocol="SSLv3+TLSv1"
	SSLCertificateFile="conf/certificate.pem"
	SSLCertificateKeyFile="conf/key.pem"
	SSLCertificateChainFile="conf/chain.pem"
	SSLCipherSuite="<<see https://wiki.mozilla.org/Security/Server_Side_TLS>>"
	SSLHonorCipherOrder="true" SSLDisableCompression="true"
	/>
	import org.springframework.beans.BeansException;
	import org.springframework.beans.factory.config.BeanPostProcessor;
	import org.springframework.core.PriorityOrdered;
	import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

	/**
	* This postprocessor sets {@code useSuffixPatternMatch} and {@code useTrailingSlashMatch} to {@code false}, so we have
	* exact URL matching. This prevents 404's, wrong base URL's, and automatic matching on extensions (.json), which is
	* useful when using {@code PathParam}s.
	*
	#!/usr/bin/env python

	# -- coding: utf-8 --
	# a last.fm now playing script originally written by Brandon Sutton
	# some modifications by lifning
	# and more modifications by praseodym

	import urllib2
	import sys
	Index: src/main/net/sourceforge/jtds/ssl/Ssl.java
	===================================================================
	--- src/main/net/sourceforge/jtds/ssl/Ssl.java (revision 1289)
	+++ src/main/net/sourceforge/jtds/ssl/Ssl.java (working copy)
	@@ -44,6 +44,8 @@
	String SSL_AUTHENTICATE = "authenticate";
	/** Size of TLS record header. */
	int TLS_HEADER_SIZE = 5;
	+ /** SSLv2 Client hello message */
	+ int TYPE_SSLV2CLIENTHELLO = 0x80;
	[31202.487290] BUG: unable to handle kernel NULL pointer dereference at 0000000000000034
	[31202.499656] IP: [<ffffffff814e4a12>] xfrm_input+0x3d2/0x590
	[31202.502444] PGD 0
	[31202.503479] Oops: 0000 [#1] SMP
	[31202.505121] Modules linked in: seqiv xfrm6_mode_tunnel xfrm4_mode_tunnel xfrm_user xfrm4_tunnel tunnel4 ipcomp xfrm_ipcomp esp4 ah4 af_key xfrm_algo act_police cls_basic cls_flow cls_fw cls_u32 sch_tbf sch_prio sch_hfsc sch_htb sch_ingress sch_sfq xt_statistic xt_CT xt_realm xt_LOG iptable_raw xt_connlimit xt_addrtype xt_comment xt_nat xt_recent ipt_ULOG ipt_REJECT ipt_MASQUERADE ipt_ECN ipt_CLUSTERIP ipt_ah nf_nat_tftp nf_nat_snmp_basic nf_conntrack_snmp nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp xt_set ip_set nf_nat_amanda nf_conntrack_tftp nf_conntrack_sip nf_conntrack_sane nf_conntrack_proto_udplite nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_broadcast nf_conntrack_irc ts_kmp nf_conntrack