[Bug 57006] openssl s_client may connected with property allowUnsafeLegacyRenegotiation set false

bugzilla Tue, 23 Sep 2014 16:51:32 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=57006


xinshouke <1599409...@qq.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
                 CC|                            |1599409...@qq.com
         Resolution|INVALID                     |---

--- Comment #6 from xinshouke <1599409...@qq.com> ---
According to the reading source code and doc in the Tomcat web site,I found the
attribute 'allowUnsafeLegacyRenegotiation' with set false as default, I suspect
when I needn't set anythings for the attribute in the tomcat server.xml to
avoid The SSL Renegotation Attack thr SSL,should I?


(In reply to Mark Thomas from comment #5)
> I still don't see anything in this report that describes unexpected,
> undesirable or insecure behavior. Again, please user the users mailing list.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57006] openssl s_client may connected with property allowUnsafeLegacyRenegotiation set false

Reply via email to