tomcat-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: svn commit: r834477 - in /tomcat/trunk: java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java test/org/apache/catalina/startup/TestTomcatSSL.java
Date Tue, 10 Nov 2009 14:55:18 GMT
On 10.11.2009 15:26, markt@apache.org wrote:
> @@ -105,6 +102,7 @@
>      protected String clientAuth = "false";
>      protected SSLServerSocketFactory sslProxy = null;
>      protected String[] enabledCiphers;
> +    protected boolean enableMitmVulnerability = false;
>  
>      /**
>       * Flag to state that we require client authentication.
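Review bot: the field added after `enabledCiphers` has no comment, and its name does not say which behaviour it switches on. A short Javadoc line stating what the flag permits and that `false` is the default would help, in the same style as the "Flag to state that we require client authentication" comment just below it.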
> @@ -492,6 +490,9 @@
>                  getEnabledCiphers(requestedCiphers,
>                          sslProxy.getSupportedCipherSuites());
>  
> +            enableMitmVulnerability =
> +                "true".equals(attributes.get("enableMitmVulnerability"));
> +            
>              // Check the SSL config is OK
>              checkConfig();
>  
> 
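Review bot: in the added assignment before `checkConfig()`, nothing in these lines records that the setting was turned on, so an operator who sets `enableMitmVulnerability="true"` gets no trace of it in the startup log. Consider logging a warning when the flag evaluates to true. Also note that `"true".equals(...)` is case-sensitive, so `TRUE` or `True` leaves the flag at false; that fails in the safe direction, but it should either be documented or the comparison made case-insensitive.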

Isn't the naming a bit harsh? OpenSSL names it legacy renegotiation (to
make it differ from the future renegotiation with TLS extension). So
maybe enableLegacyRenegotiation would be better? Of course it wouldn't
keep people from activating as much as the proposed name does, but on
the other hand (unfortunately) there are valid use cases to activate it.

Regards,

Rainer
