[Bug 55536] allow to disable Secure Client-Initiated Renegotiation in Java TLS - DOS risk

bugzilla Tue, 21 Apr 2015 20:31:33 -0700

https://bz.apache.org/bugzilla/show_bug.cgi?id=55536


--- Comment #5 from yuyan <changtia...@hotmail.com> ---
For now, I find two solutions for this problem to share:
1 improve the jdk to java8 and set the system property as Ralf Hauser said:
System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");

2 use NIO to replace BIO protocol
<!-- Define a HTTP/1.1 Connector on port 8443, JSSE NIO implementation -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" .../>
this solution is finded from 
http://stackoverflow.com/questions/12359288/disabling-ssl-tls-renegotiation-in-tomcat

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 55536] allow to disable Secure Client-Initiated Renegotiation in Java TLS - DOS risk

Reply via email to