On 28/01/2011 19:29, Olaf Tomczak wrote:
> Mark,
>
> 2011/1/28 Mark Thomas <ma...@apache.org>
>>
>> On 28/01/2011 19:00, Olaf Tomczak wrote:
>>> Hello,
>>>
>>> Does Tomcat support the so-called "secure TLS renegotiation"? If so, what
>>> should I configure to use it?
>>> Currently, when connecting to my application using a secure connection, most
>>> browsers complain about my server software being "very old" and insecure
>>> because of the lack of this feature.
>>>
>>> I'm using Tomcat 6.0.29 on linux/freebsd.
>>
>> Yes, if the JVM supports it.
>>
>> You'll probably need to enable Tomcat's allowLegacyRenegotiation feature,
>> else Tomcat will block all renegotiation.
>
> I googled "allowLegacyRenegotiation" and found this article:
> http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html
>
> It describes the following 2 system properties:
> sun.security.ssl.allowUnsafeRenegotiation - Introduced in Phase 1,
> this controls whether legacy (unsafe) renegotiations are permitted.
> sun.security.ssl.allowLegacyHelloMessages - Introduced in Phase 2,
> this allows the peer to handshake without requiring the proper RFC
> 5746 messages.
>
> Are these what you meant?
That is what I meant for the Oracle part. You'll need to look at the Tomcat
configuration docs for the HTTP connector for allowLegacyRenegotiation.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
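The pieces Mark points at, gathered into one place as an added example (this is not code from the thread, from Tomcat or from Oracle): the two JVM properties from the Oracle readme Olaf linked, the matching Tomcat 6 connector attribute, and an `openssl s_client` check that tells you whether the server now advertises RFC 5746. Assumptions: a Tomcat 6 JSSE (BIO) HTTPS connector on port 8443, a keystore path that is only a placeholder, and an openssl new enough to print the "Secure Renegotiation ..." line (0.9.8m or later). The connector attribute is the one the Tomcat 6 HTTP connector documentation calls `allowUnsafeLegacyRenegotiation`; Mark's `allowLegacyRenegotiation` is shorthand for it. The helper function names (`reneg_status`, `jvm_tls_opts`, `connector_fragment`) are mine.

```shell
#!/bin/sh
# Added example, not part of the mailing-list thread. Assumes Tomcat 6 with a
# JSSE/BIO HTTPS connector on 8443 and openssl >= 0.9.8m.

# JVM side: the two properties from the Oracle readme linked in the thread.
# RFC 5746 itself needs no switch once the JVM has the Phase 2 update;
# allowLegacyHelloMessages=true lets peers without the extension still connect,
# and allowUnsafeRenegotiation=true re-enables pre-RFC 5746 renegotiation
# (the CVE-2009-3555 prefix-injection hole), so keep it false unless you must
# renegotiate with clients that lack the extension.
# Usage: jvm_tls_opts [true|false]   -> string for JAVA_OPTS in bin/setenv.sh
jvm_tls_opts() {
    allow_unsafe=${1:-false}
    printf '%s %s\n' \
        "-Dsun.security.ssl.allowUnsafeRenegotiation=$allow_unsafe" \
        "-Dsun.security.ssl.allowLegacyHelloMessages=true"
}

# Tomcat side: the connector attribute from the Tomcat 6 HTTP connector docs.
# Its default (false) is the "block all renegotiation" Mark mentions; set it to
# true only if the application relies on renegotiation (e.g. CLIENT-CERT auth
# on a sub-path) and you accept the risk above. keystoreFile is a placeholder.
# Usage: connector_fragment [true|false]   -> fragment for conf/server.xml
connector_fragment() {
    cat <<EOF
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="\${catalina.base}/conf/keystore.jks"
           allowUnsafeLegacyRenegotiation="${1:-false}" />
EOF
}

# Verification: classify the RFC 5746 status line that openssl s_client prints.
# "IS supported" means the server sent the renegotiation_info extension, which
# is exactly what the complaining browsers in the thread are looking for.
# Usage: openssl s_client -connect host:8443 </dev/null 2>/dev/null | reneg_status
reneg_status() {
    out=$(cat)
    case $out in
        *"Secure Renegotiation IS NOT supported"*) echo legacy ;;   # old JVM
        *"Secure Renegotiation IS supported"*)     echo rfc5746 ;;  # fixed
        *)                                         echo unknown ;;  # no handshake / old openssl
    esac
}

# Constructed sample output (not captured from a real server) so the script
# demonstrates both outcomes offline; the live command is in the comment above.
SAMPLE_BEFORE='SSL-Session:
    Protocol  : TLSv1
Secure Renegotiation IS NOT supported'
SAMPLE_AFTER='SSL-Session:
    Protocol  : TLSv1
Secure Renegotiation IS supported'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | reneg_status)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | reneg_status)"
printf 'JAVA_OPTS="%s"\n' "$(jvm_tls_opts false)"
connector_fragment false
```

Run the `openssl s_client` line against the upgraded server before and after restarting Tomcat on the newer JVM: the status should move from `legacy` to `rfc5746` without touching `allowUnsafeLegacyRenegotiation` at all, since that attribute only governs whether Tomcat permits a renegotiation to happen, not whether the initial handshake carries the extension.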