[Bug 57234] Use case-insensitive substring search when filtering SSLv2/v3 protocols in connectors

bugzilla Tue, 18 Nov 2014 13:01:09 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=57234


Christopher Schultz <ch...@christopherschultz.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|                            |All

--- Comment #1 from Christopher Schultz <ch...@christopherschultz.net> ---
It's also feasible that a user would want to use SSLv2Hello, which is not
really a protocol. One could argue that nobody should even be using SSLv2Hello
since all of SSL should be dead, now -- any client that can use TLS should be
able to use a proper TLS hello.

(I didn't check to see if SSLv2Hello is returned by
socket.getEnabledProtocols() but I wanted to mention it in case someone was
going to patch this quickly.)

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 57234] Use case-insensitive substring search when filtering SSLv2/v3 protocols in connectors

Reply via email to