angler-fishThe Vulnerability History Project

CVE-2009-3555. Provide option to disable legacy SSL renegotiation.

      Based on Costin's patch for trunk with some modifications.
Note an alternative patch is proposed but it requires some of the changes in this patch anyway.

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk@884998 13f79535-47bb-0310-9956-ffa450edef68
by Pauline the Wren 2009-11-27 20:43:58 UTC
commit c5e5a4f0e8d22c5419a7f10d4ccf8f8adc27ee51
Tomcat Fix Man in the Middle CVE-2009-3555
STATUS.txt
+6
connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE13SocketFactory.java
-3
connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14SocketFactory.java
-3
connectors/util/java/org/apache/tomcat/util/net/jsse/JSSE14Support.java
+1 -3
connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
+2 -29
container/webapps/docs/changelog.xml
-4
container/webapps/docs/config/http.xml
-7
expand_less