tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yosi izaq <izaq...@gmail.com>
Subject TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?
Date Sun, 24 Jan 2010 11:36:57 GMT
Hi,

I'm an eng. working on a security product that also uses Tomcat for
Web-server functionality.
I'm concerned with the known TLS renegotiation MitM vulnerability.
I would like to ask whether there's a Tomcat version that contains a fix to
the issue?- Say by disabling TLS renegotiation by default and adding a
configuration parameter for enabling it if needed.
I did some searching on mail traffic and saw some SVN mentions of such a
possible fix, so I hope that a fix is either planned or already released.

TIA,
Yosi Izaq
Cisco R&D

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message