Date: Sun, 24 Jan 2010 16:26:15 +0200
Subject: Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?
From: yosi izaq
To: Tomcat Users List, pid@pidster.com

Response inline.
10x 4 the prompt answer!

Yosi

> 6.0.24 has just been released, it is the best available version.
>
> Your Connector config will determine which fix you need to employ.

[Yosi] I'm new to Tomcat. Do you refer to org.apache.coyote.http11 parameter of the connector's CTOR?

> If you are using APR then you need to upgrade your SSL library (e.g.
> openssl) to the appropriate version.
>
> If you are using the Java based connectors then search the archive for the
> recent and detailed discussions on this topic.

[Yosi] According to archive NIO doesn't support renegotiation so the issue is not relevant to NIO. Is my understanding correct?

> p
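
The quoted reply ties the fix to the connector type. As an added example (not code from the thread or from the Tomcat project), the script below reads a server.xml and reports which branch of that advice each TLS-enabled Connector falls under. The sample file, function names and advice strings are constructed for illustration, and it assumes Tomcat 6 `protocol` and `SSLEnabled` attribute values.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original thread).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
    <Connector port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"/>
    <Connector port="8445" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>"""

# Advice strings paraphrase the quoted reply; they add no fix details of their own.
ADVICE = {
    "apr": "APR: upgrade the SSL library (e.g. openssl)",
    "java-bio": "Java connector: see the list archive discussions",
    "java-nio": "Java connector: see the list archive discussions",
    "auto": "check the startup log to see which connector loaded (APR or Java)",
    "other": "unrecognised protocol value, review manually",
}

def classify(protocol):
    """Map a Connector protocol attribute to an implementation family."""
    p = (protocol or "HTTP/1.1").strip()
    if p.endswith("Http11AprProtocol"):
        return "apr"
    if p.endswith("Http11NioProtocol"):
        return "java-nio"
    if p.endswith("Http11Protocol"):
        return "java-bio"
    if p.upper() == "HTTP/1.1":
        # Tomcat 6 uses APR when the native library loads, else blocking Java.
        return "auto"
    return "other"

def audit(server_xml):
    """Return (port, family, advice) for each TLS-enabled Connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP and AJP connectors do not terminate TLS
        family = classify(conn.get("protocol"))
        findings.append((conn.get("port"), family, ADVICE[family]))
    return findings

if __name__ == "__main__":
    for port, family, advice in audit(SAMPLE_SERVER_XML):
        print(port, family, advice)
```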