Java Security

How to turn off SSL/TLS renegotiation

843811 Nov 6 2009 — edited Mar 11 2010
In light of the recent findings on client-cert auth https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt, etc.

How can I tell my Java/Tomcat not to use renegotiation?

Any hints would be highly appreciated.

See also Eric Rescorla on http://www.educatedguesswork.org/ "The most practical defense on the server side is to restructure the site so that requests which require client auth are redirected to a different address or port which always requests a certificate and itself refuses renegotiation."...

http://www.links.org/?p=780
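
The server-side defense quoted above (a separate port that always requests a certificate and itself refuses renegotiation), as an added Java example that is not part of the original post. It assumes a current JDK that supports the `jdk.tls.rejectClientInitiatedRenegotiation` system property, a hypothetical port 8444, and key and trust stores supplied through the standard `javax.net.ssl.keyStore` and `javax.net.ssl.trustStore` properties.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
// Added example. Assumptions: port 8444 is hypothetical; key and trust stores come
// from the standard javax.net.ssl.keyStore / javax.net.ssl.trustStore properties.
public class ClientAuthNoRenegotiation {
    public static void main(String[] args) throws IOException {
        // JSSE switch in current JDKs: refuse client-initiated renegotiation.
        // It is read when JSSE initialises, so set it before any TLS class loads.
        System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket server = (SSLServerSocket) f.createServerSocket(8444)) {
            // Always demand the certificate in the first handshake, so the server
            // itself never has to renegotiate to obtain it.
            server.setNeedClientAuth(true);
            while (true) {
                SSLSocket socket = (SSLSocket) server.accept();
                new Thread(() -> serve(socket)).start();
            }
        }
    }

    static void serve(SSLSocket socket) {
        AtomicInteger handshakes = new AtomicInteger();
        // Backstop: the listener fires after each completed handshake; a second
        // completion on one connection means a renegotiation, so drop the socket.
        socket.addHandshakeCompletedListener(event -> {
            if (handshakes.incrementAndGet() > 1) {
                try { event.getSocket().close(); } catch (IOException ignored) { }
            }
        });
        try (SSLSocket s = socket) {
            s.startHandshake();
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
            in.readLine(); // request line; a real handler would parse and route it
            String body = "client certificate accepted\n";
            s.getOutputStream().write(("HTTP/1.0 200 OK\r\nContent-Length: "
                    + body.length() + "\r\n\r\n" + body).getBytes(StandardCharsets.US_ASCII));
        } catch (IOException e) {
            System.err.println("connection dropped: " + e.getMessage());
        }
    }
}
```

The handshake listener only reacts after a renegotiation has already completed, so it is a secondary check; the system property is what refuses the renegotiation request itself.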
Locked on Apr 8 2010
Added on Nov 6 2009