tomcat-users mailing list archives

From dku...@ccilindia.co.in
Subject Re: How to limit the number of renegotiations for a single TLS / SSL connection
Date Mon, 11 Feb 2013 11:10:48 GMT
Hello All,

We have upgraded Tomcat (7.0.35) and SSL (0.9.8x).
We are still facing the same issue.
Please suggest.

Thanks and regards
Deepak Kumar



From:   Pid <pid@pidster.com>
To:     Tomcat Users List <users@tomcat.apache.org>
Date:   02/09/2013 11:35 PM
Subject:        Re: How to limit the number of renegotiations for a single TLS / SSL connection



On 08/02/2013 15:05, Mark Thomas wrote:
> On 08/02/2013 14:34, Caldarale, Charles R wrote:
>>> From: dkumar@ccilindia.co.in [mailto:dkumar@ccilindia.co.in] 
>>> Subject: How to limit the number of renegotiations for a single TLS
>>> / SSL connection
>>
>>> We are using - Tomcat Version - 6.0.18
>>
>>> Please suggest the recommended solution for tomcat
>>
>> Try using a version of Tomcat that's newer than 4.5 years old.  Many
>> security-related fixes have gone in since then, and it's
>> irresponsible to expose your site to situations that have been
>> addressed years previously.  If you check the changelog, I think
>> you'll find this TLS issue was addressed quite some time ago; it may
>> require a JVM upgrade as well.
> 
> No, this is a different issue.

Not to disagree with Mark T... but the point about using old software is
still a good one.

 Tomcat 6.0.18 vs Tomcat 6.0.36

 OpenSSL 0.9.8k (25-Mar-2009) vs OpenSSL 0.9.8y (05-Feb-2013)


Focusing on particular issues like this, rather than addressing the big
picture and using a more recent build of OpenSSL and/or Tomcat (that
will carry many fixes) means the OP is probably Doing IT Wrong.


p



