Author: markt
Date: Mon Feb 1 10:12:10 2010
New Revision: 905234
URL: http://svn.apache.org/viewvc?rev=905234&view=rev
Log:
APR/native page has better info so link rather than copy
Modified:
tomcat/site/trunk/docs/security-5.html
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/xdocs/security-5.xml
tomcat/site/trunk/xdocs/security-6.xml
Modified: tomcat/site/trunk/docs/security-5.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-5.html?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-5.html (original)
+++ tomcat/site/trunk/docs/security-5.html Mon Feb 1 10:12:10 2010
@@ -1213,9 +1213,9 @@
<p>The NIO connector is not vulnerable as it does not support
renegotiation.</p>
- <p>The APR/native connector is vulnerable if the OpenSSL version used is
- vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
- and protect against this vulnerability.</p>
+ <p>The APR/native workarounds are detailed on the
+ <a href="security-native.html">APR/native connector security page</a>.
+ </p>
<p>Users should be aware that the impact of disabling renegotiation will
vary with both application and client. In some circumstances disabling
Modified: tomcat/site/trunk/docs/security-6.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-6.html?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-6.html (original)
+++ tomcat/site/trunk/docs/security-6.html Mon Feb 1 10:12:10 2010
@@ -926,9 +926,9 @@
<p>The NIO connector is not vulnerable as it does not support
renegotiation.</p>
- <p>The APR/native connector is vulnerable if the OpenSSL version used is
- vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
- and protect against this vulnerability.</p>
+ <p>The APR/native workarounds are detailed on the
+ <a href="security-native.html">APR/native connector security page</a>.
+ </p>
<p>Users should be aware that the impact of disabling renegotiation will
vary with both application and client. In some circumstances disabling
Modified: tomcat/site/trunk/xdocs/security-5.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-5.xml?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-5.xml (original)
+++ tomcat/site/trunk/xdocs/security-5.xml Mon Feb 1 10:12:10 2010
@@ -582,9 +582,9 @@
<p>The NIO connector is not vulnerable as it does not support
renegotiation.</p>
- <p>The APR/native connector is vulnerable if the OpenSSL version used is
- vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
- and protect against this vulnerability.</p>
+ <p>The APR/native workarounds are detailed on the
+ <a href="security-native.html">APR/native connector security page</a>.
+ </p>
<p>Users should be aware that the impact of disabling renegotiation will
vary with both application and client. In some circumstances disabling
Modified: tomcat/site/trunk/xdocs/security-6.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-6.xml?rev=905234&r1=905233&r2=905234&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-6.xml (original)
+++ tomcat/site/trunk/xdocs/security-6.xml Mon Feb 1 10:12:10 2010
@@ -477,9 +477,9 @@
<p>The NIO connector is not vulnerable as it does not support
renegotiation.</p>
- <p>The APR/native connector is vulnerable if the OpenSSL version used is
- vulnerable. Building with OpenSSL 0.9.8l will disable all renegotiation
- and protect against this vulnerability.</p>
+ <p>The APR/native workarounds are detailed on the
+ <a href="security-native.html">APR/native connector security page</a>.
+ </p>
<p>Users should be aware that the impact of disabling renegotiation will
vary with both application and client. In some circumstances disabling
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
