httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <>
Subject Re: handling request splicing in case of server initiated renegotiation CVE-2009-3555
Date Thu, 19 Nov 2009 09:30:41 GMT
On Tue, Nov 17, 2009 at 06:12:41PM +0100, Hartmut Keil wrote:
> The client must stop and wait for the response in any case, otherwise the
> response of a subsequent request will get lost, if the server is not configured
> for keep-alive, or the response for the first request causes the server to close
> the connection:

It's not the case that clients "must stop and wait" - read RFC 2616 for 
a description of HTTP pipelining.

Regards, Joe

View raw message