https://issues.apache.org/bugzilla/show_bug.cgi?id=48158
--- Comment #3 from Mark Thomas <ma...@apache.org> 2009-11-09 06:15:15 GMT --- (In reply to comment #2) > Couldn't you make this an optional server.xml attribute See the clientAuth connector attribute for options already available for limiting server side re-negotiation. > > We can't do anything to prevent client initiated renegotiation. > Sure, but closing 2 out of 3 attack vectors is at least something, isn't it? In this case, I don't think it is. However, the options are already in place if you wish to use them. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
