Restricting ciphers

2013-01-08 Thread Baron Fujimoto
I'm attempting to mitigate BEAST (CVE-2011-3389) attacks on Tomcat 6.0.35. My understanding is that the attack applies only to CBC ciphers, and that RC4 ciphers are not vulnerable, so I am attempting to restrict the set of ciphers that Tomcat uses with the following config for a connector: How

Re: Search order for static resources in JAR!META-INF/resources

2013-01-08 Thread Mark Thomas
On 08/01/2013 15:33, Christopher Schultz wrote:
> All,
>
> Can someone point me to a reference in the servlet spec (or anywhere else for that matter) where any requirements are placed on the search ordering for static resources that appear in JAR files?
>
> I suspect that, like classes loaded

Search order for static resources in JAR!META-INF/resources

2013-01-08 Thread Christopher Schultz
All,

Can someone point me to a reference in the servlet spec (or anywhere else for that matter) where any requirements are placed on the search ordering for static resources that appear in JAR files? I suspect that, like classes loaded from JAR fil