Robert,

On 3/10/15 10:59 AM, Robert Paasche wrote:
> this may be a little off-topic, but I posted a fix for the native-library at
> bug https://bz.apache.org/bugzilla/show_bug.cgi?id=56108.

I saw that comment and proposed patch. I must admit I don't quite understand both the problem and the solution (yet). I'd be happy to hear an in-depth explanation in another thread. Care to start one and give me a quick education?

> The fix is based on the mod_ssl implementation of the httpd project for the
> DH-based key exchange. This ensures that the used DH-Cipher is at least the
> size of the private-key, otherwise the Cipher has a length of only 512 or
> 1024 bits. Is it possible to release this fix within Tomcat 7.0.60?

That depends upon the status of tcnative. If we can get a release done for tcnative before Violetta rolls 7.0.60, then it can go in. Otherwise, it'll have to wait for 7.0.61. I suspect that 7.0.61 isn't going to be months away, so it wouldn't be terrible if tcnative had to wait.

-chris