tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <>
Subject APR Connector renegotiation fix
Date Thu, 12 Nov 2009 11:34:53 GMT

Just made the fix by modifying the mod_ssl patch
so that connection gets closed on R.

Problem with OpenSSL 0.9.8l that it has renegotiation
disabled and that it gets blocked in 'R' thus making
it a potential DoS (much worse then actual R) so
I'd suggest we don't use it and create immediate release
of 1.1.18 with the fix.

Please test the trunk or apply the patches to 1.1.x
(even better vote with +1 :)

Note. Don't use 0.9.8l for testing cause that bugger will
block on renegotiation until socket timeout.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message