tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <>
Subject Re: svn commit: r917921 - in /tomcat/native/branches/1.1.x: java/org/apache/tomcat/jni/ native/include/ssl_private.h native/src/ssl.c native/src/sslcontext.c xdocs/miscellaneous/changelog.xml
Date Tue, 02 Mar 2010 17:40:14 GMT
On 03/02/2010 05:58 PM, jean-frederic clere wrote:
>>> How does that interacts with
>>> ?
>> The same way as in mod_ssl
> Yes but won't it be possible to allow client initiated renegotiation
> with 0.9.8m?

According to the OpenSSL docs:
If the option SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set then renegotiation always succeeds.

However mod_ssl adds an envvar so that server (application)
can figure out weather the client supports secure renegotiations.
We also have the handshake callback.

Will have to check all that more deeply. The docs are pretty confusing
and undefined in some areas.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message