tomcat-users mailing list archives

From Robert Klemme <shortcut...@googlemail.com>
Subject Re: Nessus scan claims vulnerability in Tomcat 6
Date Tue, 26 Feb 2013 15:38:35 GMT

On Tue, Feb 26, 2013 at 4:04 PM, Mark Thomas <markt@apache.org> wrote:
> On 26/02/2013 03:09, Robert Klemme wrote:

>> So one solution would be to remove APR lib from the system.
>
> Yes, although you will see performance for SSL drop.

Yes, of course.  That's not important in our case.

>> export OPENSSL_NO_DEFAULT_ZLIB=1
>>
>> before starting the JVM.
>
> I don't know if OpenSSL will honour that.

I'll let you know once I find out.

>>> There is no 6.0.x release with the necessary options yet.
>>
>> Do you know whether there will be?
>
> There will be but I'm not aware of any planned timing at this point. The
> changelog isn't that long but it has been a while since the last release so
> I guess we should start thinking about it.

Good!  Thanks for the update!

Kind regards

robert

-- 
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/
