https://bz.apache.org/bugzilla/show_bug.cgi?id=58891
Bug ID: 58891
Summary: Bad and/or dangerous SSL/TLS documentation
Product: Tomcat 8
Version: trunk
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Documentation
Assignee: dev@tomcat.apache.org
Reporter: alexander.kj...@gmail.com

Created attachment 33465
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=33465&action=edit
improve SSL/TLS documentation

The current documentation gives really bad advice about how to handle SSL/TLS certificates that might even lead to people's websites being attacked.

I have rewritten the documentation and fixed the following problems:

1) Encouragement of using self-signed certificates.
2) Advice to mix SSL and non-SSL pages on the same site (this could easily lead to session cookie theft).
3) No information about HSTS.
4) Outdated information about SNI and how the SSL/TLS handshake works.

Attached is a patch that rewrites the documentation.