On 2/17/10, Mark Thomas <ma...@apache.org> wrote:
> On 17/02/2010 23:48, Kevin Mills wrote:
>> Can anyone tell me what's going on here?
>
> CVE-2009-3555?
>
> http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
> search for
> allowUnsafeLegacyRenegotiation

Thanks for your reply - I did see that option and forgot to mention that I tried it to no avail. Seeing as this renegotiation is a Bad Thing, what is the recommended way to do this? Another thread I followed talked about setting the Connector to allow any certificates and writing an Authentication Valve... is that the right direction?

Thanks