tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yosi izaq <izaq...@gmail.com>
Subject Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?
Date Sun, 24 Jan 2010 14:26:15 GMT
response Inline.

10x 4 the prompt answer!
Yosi

>
> 6.0.24 has just been released, it is the best available version.
>
> Your Connector config will determine which fix you need to employ.
>
[Yosi] I'm new to Tomcat. Do you refer to org.apache.coyote.http11 parameter
of the connector's CTOR?

>
> If you are using APR then you need to upgrade your SSL library (e.g.
> openssl) to the appropriate version.
>
> If you are using the Java based connectors then search the archive for the
> recent and detailed discussions on this topic.
>
[Yosi] According to archive NIO doesn't support renegotiation so the issue
is not relevant to NIO. Is my understanding correct?

>
>
> p
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message