Hi,
In light of the recent findings on client-cert auth
http://www.links.org/?p=780 ,
https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt , etc.
I assume this group has experts who might also know how I can tell my Java 5
(/Tomcat) not to use TLS renegotiation?
Any hints would be highly appreciated (apologies for being slightly
off-topic).
Ralf
P.S.: See also Eric Rescorla on
http://www.educatedguesswork.org/ "The most
practical defense on the server side is to restructure the site so that
requests which require client auth are redirected to a different address or
port which always requests a certificate and itself refuses
renegotiation."...
--
cell: +41 76/381-7760
fax: +41 43/558-8588
Securely and spam-free via:
https://www.privasphere.com/hauser@...