Author: kkolinko
Date: Sun Oct 19 14:22:10 2014
New Revision: 1632912
URL: http://svn.apache.org/r1632912
Log: votes
Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1632912&r1=1632911&r2=1632912&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Oct 19 14:22:10 2014 @@ -61,10 +61,20 @@ PATCHES PROPOSED TO BACKPORT: http://people.apache.org/~markt/patches/2014-10-17-poodle-tc6-v1.patch +1: markt -1: + -0: kkolinko: I think that JSSESocketFactory.getEnabledProtocols() shall + not return DEFAULT_SERVER_PROTOCOLS list in case if there are no + matches. This behaviour silently enables default list of protocols, + instead of erroring out. + This bug did exist before this patch, so I filed + https://issues.apache.org/bugzilla/show_bug.cgi?id=57116 + + I wish there were some debug logging to see what protocols are being + filtered out by "if (protocol.contains("SSL"))". + * Mitigate POODLE by disabling SSLv3 by default for APR/native http://svn.apache.org/r1632586 - +1: markt + +1: markt, kkolinko -1:
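Review bot: The -0 entry added under the 2014-10-17-poodle-tc6-v1.patch proposal bundles two separate concerns, and only the first has a tracking reference. The silent fallback to DEFAULT_SERVER_PROTOCOLS in JSSESocketFactory.getEnabledProtocols() is recorded as bug 57116, but the request for debug logging of what "if (protocol.contains("SSL"))" filters out exists only in this vote comment. Suggest either filing it separately or adding it to 57116, and citing that reference here, so the logging request is not lost once this entry is removed from STATUS.txt.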