tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <mt...@apache.org>
Subject Re: svn commit: r917928 - in /tomcat/trunk: java/org/apache/tomcat/jni/SSL.java java/org/apache/tomcat/util/net/AprEndpoint.java java/org/apache/tomcat/util/net/res/LocalStrings.properties webapps/docs/changelog.xml
Date Thu, 04 Mar 2010 12:05:53 GMT 
On 03/04/2010 12:48 PM, Rainer Jung wrote:
> On 02.03.2010 10:14, mturk@apache.org wrote:
>> Author: mturk
>> Date: Tue Mar 2 09:14:44 2010
>> New Revision: 917928
>>
>> URL: http://svn.apache.org/viewvc?rev=917928&view=rev
>> Log:
>> Port SSLInsecureRenegotiation from mod_ssl
>>
>> Modified:
>> tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
>> tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
>> tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
>> tomcat/trunk/webapps/docs/changelog.xml
>>
>> Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
>> URL:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=917928&r1=917927&r2=917928&view=diff
>>
>> ==============================================================================
>>
>> --- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original)
>> +++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Tue Mar 2
>> 09:14:44 2010
>> @@ -113,9 +113,12 @@
>> /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
>> * This used to be 0x000FFFFFL before 0.9.7. */
>> public static final int SSL_OP_ALL = 0x00000FFF;
>> -
>> /* As server, disallow session resumption on renegotiation */
>> public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
>> = 0x00010000;
>> + /* Permit unsafe legacy renegotiation */
>> + public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION =
>> 0x00040000;
>> + /* If set, always create a new key when using tmp_eddh parameters */
>> + public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000;
>
> Is that intentional: ^^^^^^^^^^^^^^^^^^^^^^
>

Yep, intentional.
It's just catching up the OpenSSL API since we are catching up anyhow.
Could have probably go into a separate commit message as well.

Regards
-- 
^TM

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Mime
View raw message