Isn't the naming a bit harsh? OpenSSl names it legacy renegotiation (to make it differ from the future renegotiation with TLS extension). So maybe enableLegacyRenegotiation would be better? Of course it wouldn't keep people from activating as much as the proposed name does, but on the other hand (unfortunately) there are valid use cases to activate it.
FWIW, the OpenBSD people have committed their change to their OpenSSL library, and they used the name SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Ian --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
