Author: markt
Date: Tue Nov 10 15:43:17 2009
New Revision: 834510

URL: http://svn.apache.org/viewvc?rev=834510&view=rev
Log:
Document allowUnsafeLegacyRenegotiation

Modified: tomcat/trunk/webapps/docs/config/http.xml Modified: tomcat/trunk/webapps/docs/config/http.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=834510&r1=834509&r2=834510&view=diff ============================================================================== --- tomcat/trunk/webapps/docs/config/http.xml (original) +++ tomcat/trunk/webapps/docs/config/http.xml Tue Nov 10 15:43:17 2009 @@ -789,6 +789,13 @@ certificates.</p> </attribute> + <attribute name="allowUnsafeLegacyRenegotiation" required="false"> + <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose + users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS + protocol that allows an attacker to inject arbitrary data into the user's + request. If not specified, a default of <code>false</code> is used.</p> + </attribute> + </attributes> <p>For more information, see the
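
Review bot: The description added for allowUnsafeLegacyRenegotiation is worded as a question with no question mark, and the risk statement is folded into the same clause, so a reader skimming http.xml cannot tell at a glance which value is the dangerous one. Suggest an imperative form such as "Set to <code>true</code> to allow unsafe legacy TLS renegotiation. Enabling it is likely to expose users to CVE-2009-3555, ...", keeping the existing sentence about the default of <code>false</code>. The text also says nothing about what the connector does with a renegotiation attempt when the attribute is left at its default, which is the first thing an operator will want to know before relying on it; one sentence on that behaviour would close the gap.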