https://bz.apache.org/bugzilla/show_bug.cgi?id=55536
--- Comment #5 from yuyan ---
For now, I find two solutions for this problem to share:
1 improve the jdk to java8 and set the system property as Ralf Hauser said:
System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
2 use
https://issues.apache.org/bugzilla/show_bug.cgi?id=55536
--- Comment #4 from Ralf Hauser ---
with java8, a per Ivan Ristic's excellent article
http://blog.ivanristic.com/2014/03/ssl-tls-improvements-in-java-8.html,
adding somewhere even in your application code
System.setProperty("jdk.tls.rejec
https://issues.apache.org/bugzilla/show_bug.cgi?id=55536
--- Comment #3 from Mark Thomas ---
(In reply to Ralf Hauser from comment #2)
> This RFE is not about APR, but the Java side of SSL/TLS.
I'm aware of that. APR is an optional solution.
> But even then, I am not going to argue with you abo
https://issues.apache.org/bugzilla/show_bug.cgi?id=55536
Ralf Hauser changed:
What|Removed |Added
Summary|allow to disable Secure |allow to disable Secure
