Author: markt
Date: Tue Nov 10 15:43:17 2009
New Revision: 834510
URL: http://svn.apache.org/viewvc?rev=834510&view=rev
Log:
Document allowUnsafeLegacyRenegotiation
Modified:
tomcat/trunk/webapps/docs/config/http.xml
Modified: tomcat/trunk/webapps/docs/config/http.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=834510&r1=834509&r2=834510&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Tue Nov 10 15:43:17 2009
@@ -789,6 +789,13 @@
certificates.</p>
</attribute>
+ <attribute name="allowUnsafeLegacyRenegotiation" required="false">
+ <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
+ users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
+ protocol that allows an attacker to inject arbitrary data into the user's
+ request. If not specified, a default of <code>false</code> is used.</p>
+ </attribute>
+
</attributes>
<p>For more information, see the
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
