On Sun, Jan 24, 2010 at 1:36 PM, yosi izaq <izaq...@gmail.com> wrote:
> Hi, > > I'm an eng. working on a security product that also uses Tomcat for > Web-server functionality. > I'm concerned with the known TLS renegotiation MitM vulnerability. > I would like to ask whether there's a Tomcat version that contains a fix to > the issue?- Say by disabling TLS renegotiation by default and adding a > configuration parameter for enabling it if needed. > I did some searching on mail traffic and saw some SVN mentions of such a > possible fix, so I hope that a fix is either planned or already released. > > TIA, > Yosi Izaq > Cisco R&D > Hi, I've found mention of this record - CVE-2009-3555. According to that the BIO fix is made avialable in version 6.0.21. Is that correct?- Is the fix also available on version 6.0.18? TIA, Yosi
