https://issues.apache.org/bugzilla/show_bug.cgi?id=57006
xinshouke <1599409...@qq.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #3 from xinshouke <1599409...@qq.com> ---
Somebody checked my Tomcat server and reported a high security risk, with SSLEnabled set to true but renegotiation not disabled. A way to verify the issue is through the command 'openssl s_client -connect ip:port'.

So I set allowUnsafeLegacyRenegotiation="false" in server.xml; the expected result is that it gets an error after running the command 'openssl s_client -connect ip:port'.

But after executing the command, it still connected over SSL successfully.