On 02.03.2010 10:14, mt...@apache.org wrote:
Author: mturk
Date: Tue Mar 2 09:14:44 2010
New Revision: 917928
URL: http://svn.apache.org/viewvc?rev=917928&view=rev
Log:
Port SSLInsecureRenegotiation from mod_ssl
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=917928&r1=917927&r2=917928&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Tue Mar 2 09:14:44 2010
@@ -113,9 +113,12 @@
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */
public static final int SSL_OP_ALL =
0x00000FFF;
-
/* As server, disallow session resumption on renegotiation */
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION =
0x00010000;
+ /* Permit unsafe legacy renegotiation */
+ public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION =
0x00040000;
+ /* If set, always create a new key when using tmp_eddh parameters */
+ public static final int SSL_OP_SINGLE_ECDH_USE =
0x00080000;
Is that intentional: ^^^^^^^^^^^^^^^^^^^^^^
The change should have been only about reneg or did I miss somthing?
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
