> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > In particular, he stated that switching to the NIO connector at this > point wouldn't address it (from my reading of his post), as the fix > will require a JDK/JRE fix from the vendor and a workaround isn't > available yet.
You ignored Filip's post: "NIO doesn't allow handshakes and is not vulnerable. Instead it will time out the request. So if using Tomcat 6, then NIO is a work around." http://marc.info/?l=tomcat-user&m=126384310705143&w=2 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org