[Bug 57006] New: openssl s_client may connected with property allowUnsafeLegacyRenegotiation set false

bugzilla Tue, 23 Sep 2014 07:44:10 -0700

https://issues.apache.org/bugzilla/show_bug.cgi?id=57006


            Bug ID: 57006
           Summary: openssl s_client may connected with property
                    allowUnsafeLegacyRenegotiation set false
           Product: Tomcat 6
           Version: 6.0.41
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Connectors
          Assignee: [email protected]
          Reporter: [email protected]

I set as the below in server.xml,but tooling openssl s_client still may
connected sucessfully.
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
allowUnsafeLegacyRenegotiation="false" keystorePass="123456" />

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 57006] New: openssl s_client may connected with property allowUnsafeLegacyRenegotiation set false

Reply via email to