Ok I understand, Is it mentioned somewhere in tomcat spec. That it is not being used in JSSE connector.
Based on the above answer my next question: If any browser is affected with this CVE , then what happen, e.g IE-11. If user tries to open the web application from IE-11 , then what happen. ________________________________________ From: Ognjen Blagojevic [ognjen.d.blagoje...@gmail.com] Sent: Friday, March 27, 2015 8:34 PM To: Tomcat Users List Subject: Re: SSL / TLS compression | SPDY service|CVE-2012-4929 Rahul, On 27.3.2015 14:42, Rahul Kumar Singh wrote: > So how to disable compression and / or the SPDY service in tomcat6. If you are using JSSE connectors (BIO/NIO/NIO2), compression is already disabled because JSSE does not support it, and there is no support for SPDY protocol on those connectors. If you are using APR/Native connector, if you didn't explicitly enabled it, SPDY is disabled by default. You may disable TLS compression using APR/Native connector parameter SSLDisableCompression="true". -Ognjen --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org DISCLAIMER: ----------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or NEC or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of NEC or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. . ----------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org