svn commit: r834510 - /tomcat/trunk/webapps/docs/config/http.xml

Tue, 10 Nov 2009 07:43:46 -0800 

Author: markt
Date: Tue Nov 10 15:43:17 2009
New Revision: 834510

URL: http://svn.apache.org/viewvc?rev=834510&view=rev
Log:
Document allowUnsafeLegacyRenegotiation

Modified:
    tomcat/trunk/webapps/docs/config/http.xml

Modified: tomcat/trunk/webapps/docs/config/http.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/http.xml?rev=834510&r1=834509&r2=834510&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/http.xml (original)
+++ tomcat/trunk/webapps/docs/config/http.xml Tue Nov 10 15:43:17 2009
@@ -789,6 +789,13 @@
       certificates.</p>
     </attribute>
     
+    <attribute name="allowUnsafeLegacyRenegotiation" required="false">
+      <p>Is unsafe legacy TLS renegotiation allowed which is likely to expose
+      users to CVE-2009-3555, a man-in-the-middle vulnerability in the TLS
+      protocol that allows an attacker to inject arbitrary data into the user's
+      request. If not specified, a default of <code>false</code> is used.</p>
+    </attribute>
+
   </attributes>
 
   <p>For more information, see the



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to