On 03/04/2010 12:48 PM, Rainer Jung wrote:
On 02.03.2010 10:14, mt...@apache.org wrote:
Author: mturk
Date: Tue Mar 2 09:14:44 2010
New Revision: 917928
URL: http://svn.apache.org/viewvc?rev=917928&view=rev
Log:
Port SSLInsecureRenegotiation from mod_ssl
Modified:
tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
tomcat/trunk/java/org/apache/tomcat/util/net/res/LocalStrings.properties
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/jni/SSL.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/jni/SSL.java?rev=917928&r1=917927&r2=917928&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/jni/SSL.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/jni/SSL.java Tue Mar 2
09:14:44 2010
@@ -113,9 +113,12 @@
/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
* This used to be 0x000FFFFFL before 0.9.7. */
public static final int SSL_OP_ALL = 0x00000FFF;
-
/* As server, disallow session resumption on renegotiation */
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
= 0x00010000;
+ /* Permit unsafe legacy renegotiation */
+ public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION =
0x00040000;
+ /* If set, always create a new key when using tmp_eddh parameters */
+ public static final int SSL_OP_SINGLE_ECDH_USE = 0x00080000;
Is that intentional: ^^^^^^^^^^^^^^^^^^^^^^
Yep, intentional.
It's just catching up the OpenSSL API since we are catching up anyhow.
Could have probably go into a separate commit message as well.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
