> From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] > Subject: RE: SSLv3/TLS man-in-middle vulnerability > > If you have to stay with 5.5.23, you'll need to go with the ARP SSL > connector. > > (slap me if I'm still wrong Charles, but I checked the doc and there > doesn't appear to be support for NIO in 5.5.x)
That is correct; NIO was introduced with Tomcat 6.0. There are noticeable performance and security improvements in 6.0.x, so that would be the preferred approach, even if APR is used. Migration to 6.0.x is pretty much painless: http://tomcat.apache.org/migration.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org