As far as I know, JSSE doesn't support compression. [1] claims this, but doesn't have a reference, and I can't find anything else useful on the internet, although i recall an analysis of the CRIME attack that claimed the same thing.
At this point I'd probably opt for an OpenJDK code dive. tim [1]: http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations On Wed, Jan 16, 2013 at 12:17 PM, Christopher Schultz <ch...@christopherschultz.net> wrote: > All, > > I'm working on a fix for > https://issues.apache.org/bugzilla/show_bug.cgi?id=54324 which is > requesting the ability to disable TLS compression in the APR connector. > > If possible, I'd like to write a patch that will work for both kinds of > connectors: those based upon JSSE And those based upon APR. > > I haven't found much luck searching the web for how to disable TLS > compression using JSSE. > > Can anyone suggest some resources? > > Thanks, > -chris > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
