This looks like it should work (haven't tested it yet), but hoping that 
there are people that can test on non-Sun JVMs to see if there could be 
problems.  This patch is a little heavy on knowing how the JVM implements 
things :(.

<ma...@apache.org> wrote in message 
news:20091119220644.2d8f42388...@eris.apache.org...
> Author: markt
> Date: Thu Nov 19 22:06:43 2009
> New Revision: 882320
>
> URL: http://svn.apache.org/viewvc?rev=882320&view=rev
> Log:
> Improve workaround for CVE-2009-3555
> On the plus side, it doesn't rely on an async event to close the connection
> On the down side, I haven't yet found a way to log client initiated handshakes before they get closed
>
> Modified:
>    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
>    tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESupport.java
>
> Modified: tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java?rev=882320&r1=882319&r2=882320&view=diff
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
