tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: secure TLS renegotiation
Date Fri, 28 Jan 2011 19:11:54 GMT
On 28/01/2011 19:00, Olaf Tomczak wrote:
> Hello,
> 
> Does Tomcat support the so called "secure TLS renegotiation"? If so, what
> should I configure to use it?
> Currently when connecting to my application using secure connection most
> browsers complain about my server software being "very old" and insecure
> because of the lack of this feature.
> 
> I'm using Tomcat 6.0.29 on linux/freebsd.

Yes, if the JVM supports it.

You'll probably need to enable Tomcat's allowLegacyRegenotiation feature
else Tomcat will block all renegotiation. That needs a rename to
allowRenegotiation in light of how Oracle decided to fix this.
Unfortunately Oracle went for system wide system properties rather than
providing an API to let folks control it per socket or connection.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message