Ah, didn't exactly ignore it, just forgot about it. I'd already removed it from the thread. Good point.
-----Original Message----- From: Caldarale, Charles R [mailto:[email protected]] Sent: Tuesday, January 19, 2010 9:56 AM To: Tomcat Users List Subject: RE: SSLv3/TLS man-in-middle vulnerability > From: Jeffrey Janner [mailto:[email protected]] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > In particular, he stated that switching to the NIO connector at this > point wouldn't address it (from my reading of his post), as the fix > will require a JDK/JRE fix from the vendor and a workaround isn't > available yet. You ignored Filip's post: "NIO doesn't allow handshakes and is not vulnerable. Instead it will time out the request. So if using Tomcat 6, then NIO is a work around." http://marc.info/?l=tomcat-user&m=126384310705143&w=2 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] ******************************* NOTICE ********************************* This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
