On 18/02/2010 00:04, Kevin Mills wrote: > On 2/17/10, Mark Thomas <ma...@apache.org> wrote: >> On 17/02/2010 23:48, Kevin Mills wrote: >>> Can anyone tell me what's going on here? >> >> CVE-2009-3555? >> >> http://tomcat.apache.org/tomcat-6.0-doc/config/http.html >> search for >> allowUnsafeLegacyRenegotiation > > Thanks for your reply - I did see that option and forgot to mention > that I tried it to no avail.
Then you probably haven't got your config quite right. There are plenty of things to go wrong with this but this definitely works - I was using it just the other day. We'll need to see: - connector element from server.xml - web.xml - tomcat-users.xml (assuming that is what you are using) for starters. Also a better description of the problem than "doesn't work" would help. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
