tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Kolinko <knst.koli...@gmail.com>
Subject Re: SSL & Tomcat
Date Mon, 09 Nov 2009 10:34:10 GMT
2009/11/7 Mark Thomas <markt@apache.org>:
>
> We also need to think about what to do with tc native. Maybe something like:

I think that we can
- recommend recompiling 1.1.16 with OpenSSL 0.9.8l for those who used
our sources
- for those architectures where binaries are available for 1.1.16
(windows 32/64-bit), rebuild them using OpenSSL 0.9.8l

My understanding is that 1.1.17 and later require TC 6.0.21 and 5.5.29
and later and vice versa, because of some API changes, and thus won't
be useful until those versions are released.

> - release 1.1.17 with binaries built with 0.9.8l (so renegotiation is
> disabled)

+1

> - keep an eye on httpd and if they find a work-around, copy it and
> release 1.1.18 with renegotiation enabled
>

+1

> For now, I'm not proposing any changes to the docs although we may want
> to put a summary of the advice - once agreed - on the security pages.
>
> Thoughts?
>
> Mark
>

Best regards,
Konstantin Kolinko

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message