Overview
The purpose of this update is to provide information on the current
understanding so users are better informed when making decisions
regarding risk mitigation for this issue in their environment.
Work on the root cause is progressing but is still in a state of flux.
Discussion is f
On 11/09/2009 09:43 AM, Mark Thomas wrote:
BIO & NIO connectors using JSSE
These connectors are vulnerable when renegotiation is triggered by the
client or the server.
This is incorrect.
NIO doesn't do renegotiation. Instead it sees invalid data and times out.
-
A vulnerability in the TLS protocol has recently been made public [1]
that allows an attacker to inject arbitrary requests into a TLS stream.
The current understanding of the Tomcat developers is as follows:
BIO & NIO connectors using JSSE
These c