2015年9月29日星期二

tomcat ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY

Please add the following content in tomcat/conf/server.xml   443 section:


ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"

2015年8月28日星期五

openfire 3.8.2 mysql high CPU 100%

I check the database statistics by(mysql > show full processlist;)

This query cosumed a lot CPU:

SELECT username FROM ofUser WHERE username LIKE ?


I read source code of openfire and found it has been used in following locations:

----------------------------------------
searching 'username like' in 'C:\openfire_src_3_8_2\openfire_src\src\java\org\jivesoftware\openfire\user\DefaultUserProvider.java' :
C:\openfire_src_3_8_2\openfire_src\src\java\org\jivesoftware\openfire\user\DefaultUserProvider.java(427):                 sql.append(" username LIKE ?");
found 'username like' 1 times。
----------------------------------------
searching  'username like' in 'C:\openfire_src_3_8_2\openfire_src\src\java\org\jivesoftware\openfire\user\JDBCUserProvider.java' :
C:\openfire_src_3_8_2\openfire_src\src\java\org\jivesoftware\openfire\user\JDBCUserProvider.java(326):                 sql.append(" username LIKE ?");
found  'username like' 1 times。


I changed like to =. 

SELECT username FROM ofUser WHERE username = ?

Then rebuild and replace openfire.jar of production.


Now mysql only cosume 4% CPU. :)



TAG: openfire 3.8.2 mysql high CPU 100%

2015年8月4日星期二

Notes: SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

resolution:
----------------------------------------------------------------------------------------
1) In FireFox, enter "about:config" in the URL field and press enter.
2) Accept the "This might void your warranty!" warning :)
3) In the search field at the top, enter "security.ssl3.dhe_rsa_aes"
4) Double click each result (128 and 256) to toggle the Value to "false"


From:https://support.mozilla.org/en-US/questions/1066238