https://issues.apache.org/bugzilla/show_bug.cgi?id=57006
xinshouke <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #3 from xinshouke <[email protected]> --- Somebody checked my tomcat server, he reported a high sercurity risk with set SSLEnabled as true but no disabled renegotiations. It's a way to verify the issue thr command 'openssl s_client -connect ip:port'. So I set allowUnsafeLegacyRenegotiation="false" in the server.xml,the expected result that it get error after run the command 'openssl s_client -connect ip:port'. But, after executed the command,it still connected the SSL.sucessfully. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
