tomcat-dev mailing list archives

From Mladen Turk <mt...@apache.org>
Subject APR Connector renegotiation fix
Date Thu, 12 Nov 2009 11:34:53 GMT
Hi,

Just made the fix by modifying the mod_ssl patch
so that connection gets closed on R.

Problem with OpenSSL 0.9.8l is that it has renegotiation
disabled and that it gets blocked in 'R', thus making
it a potential DoS (much worse than actual R), so
I'd suggest we don't use it and create immediate release
of 1.1.18 with the fix.

Please test the trunk or apply the patches to 1.1.x
(even better vote with +1 :)

Note. Don't use 0.9.8l for testing cause that bugger will
block on renegotiation until socket timeout.

Regards
-- 
^TM

