Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
ponses allows me to devise a quick mitigation plan for the vulnerability - i.e. switch to NIO (with the extra bonus of better performance so what's not to like?)
Thanks so much Pid,
Yosi
On Sun, Jan 24, 2010 at 5:58 PM, Pid wrote:
> On 24/01/2010 14:26, yosi izaq wrote:
> >> res

Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
response Inline. 10x 4 the prompt answer!
Yosi
>
> 6.0.24 has just been released, it is the best available version.
>
> Your Connector config will determine which fix you need to employ.
> [Yosi] I'm new to Tomcat. Do you refer to org.apache.coyote.http11 parameter of the connector's CTOR?
>
> I

Re: TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
On Sun, Jan 24, 2010 at 1:36 PM, yosi izaq wrote:
> Hi,
>
> I'm an eng. working on a security product that also uses Tomcat for
> Web-server functionality.
> I'm concerned with the known TLS renegotiation MitM vulnerability.
> I would like to ask whether there's

TLS renegotiation MitM vulnerability. Is it fixed in Tomcat?

2010-01-24 Thread yosi izaq
enegotiation by default and adding a configuration parameter for enabling it if needed. I did some searching on mail traffic and saw some SVN mentions of such a possible fix, so I hope that a fix is either planned or already released. TIA, Yosi Izaq Cisco R&D