Author: markt Date: Fri Nov 20 00:50:20 2009 New Revision: 882369 URL: http://svn.apache.org/viewvc?rev=882369&view=rev Log: Propose alternative fix
Modified: tomcat/tc5.5.x/trunk/STATUS.txt Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=882369&r1=882368&r2=882369&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Fri Nov 20 00:50:20 2009 @@ -250,4 +250,11 @@ http://people.apache.org/~markt/patches/2009-11-17-cookie-allow-equals.patch +1: markt -1: - \ No newline at end of file + +* Alternative fix for CVE-2009-3555 SSL MITN + The current patch uses an async callback to close the socket. It is + technically possible an attack may suceed before the socket is closed + The new patch only logs failed server initiated negotiations + http://people.apache.org/~markt/patches/2009-11-20-cve2009-3555-v2.patch + +1: markt + -1:
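Review bot: The added STATUS.txt entry for CVE-2009-3555 does not say how the v2 patch closes the window it describes. The line "The new patch only logs failed server initiated negotiations" can be read as logging only the failed negotiations or as logging without closing the socket, so a voter cannot tell from the entry whether the race against the async callback in the current patch is actually removed. Suggest rewording that line to state what the new patch does to the connection and at what point relative to the handshake. Two wording fixes in the same entry: "SSL MITN" in the heading looks like a typo for MITM, and "suceed" should be "succeed", with a full stop after "closed".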