On 11/11/09 09:09, Luciana Moreira Sa de Souza Signed by - PrivaSphere AG wrote:
Hello,
I am currently working on my company's platform to get around this
security problem during re-negotiation. After discussing with my group
about the progress being made towards a fix for tomcat, some questions
were raised and I was hoping you could help me answer them.
We use Tomcat 5.5 with JSSE installed via apt-get in the debian lenny
distribution. Are there any plans of putting this fix as an update in
the debian package?
It's up to debian maintainers weather they'll do that.
The other question is in relation to the configuration of this fix. I
saw proposals of putting a property in the server.xml to prevent
renegotiation from happening. Will this be done on a per Connector basis
or will this be Server setting? I ask this since we have parts of the
server were we would like to keep the old behavior and other parts that
we have to completely stop re-negotiations.
Per Connector.
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
