Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Andreas Sittler (SITTA) Principal Solutions Architect
Pegasystems
DE
SITTA Member since 2010 3 posts
Posted: Sep 30, 2016
Last activity: Oct 4, 2016
Posted: 30 Sep 2016 6:34 EDT
Last activity: 4 Oct 2016 9:25 EDT
Closed

721 - Best practice for Tomcat config param SSLRenegBufferSize ?

Hello team, 

a customer (using HTTPS with a renegotiation policy) is facing HTTP 413 exceptions due to the size of POST requests.

The default Apache value is 131072 https://httpd.apache.org/docs/current/mod/mod_ssl.html, which apparently is not sufficient for a Pega application.

For security reason, they do not want to remove the limit completely.

Is there any best practice value that should be assigned here?

TIA, Andreas

 

To see attachments, please log in.
Security

Posted: 8 years ago
Posted: 4 Oct 2016 3:03 EDT
Adithya Kurmachalam (Adithya1)
Pegasystems Inc.
Solutions Engineer
Pegasystems Inc.
IN

Hi,

By increasing the renegotiation buffer size to a higher value (8 to 10 MB), HTTP 413 exception can be overcomed.

 

To see attachments, please log in.
Posted: 8 years ago
Posted: 4 Oct 2016 4:55 EDT
Sai Boyana (boyas)
PEGA
Principal Technical Solutions Engineer
Pegasystems Inc.
IN

By default  SSLRenegBufferSize is 131072(128 KB) you can increase this to 10MB(10486000) to avoid HTTP 413 Exception.

To see attachments, please log in.
Posted: 8 years ago
Posted: 4 Oct 2016 9:25 EDT
John Pritchard-Williams (JOHNPW_GCS) Client Support Team Lead
Pegasystems Inc.
GB

Just out of interest: it is the size of the POST body that is being exceeded here - or the POST request (the URL I mean) - if it's the URL - might be worth finding out whether whatever it doing that could be made to put the content in the POST body instead ?

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice