[Bug 54324] Support is required to disable TLS compression to prevent against CRIME attacks

bugzilla Tue, 13 Aug 2013 02:52:55 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=54324


Sebb <s...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #9 from Sebb <s...@apache.org> ---
(In reply to Michael Osipov from comment #8)
> (In reply to Konstantin Kolinko from comment #7)
> > Implemented in Tomcat 6.0 by r1461021 , will be in 6.0.37
> 
> Konstantin,
> 
> the fix for 6.0.x strays from the convention lowercase name for variables.
> See
> http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/
> util/net/AprEndpoint.java?r1=1461021&r2=1461020&pathrev=1461021
> 
> > protected boolean SSLDisableCompression = false;

And the boolean should be private.
It has both getter and setter so there is no need to expose it outside the
class.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 54324] Support is required to disable TLS compression to prevent against CRIME attacks

Reply via email to