-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Deepak,
On 2/9/13 4:05 AM, dku...@ccilindia.co.in wrote: > we have not specified any specific connector protocol in the > connector tag, is that mean we are using native APR connector, and > if it is so, then as renegotiation is not permitted in APR why VA > tool says renegotiation DoS vulnerability, and it would be of great > help if you explain how to implement HTTP NIO or BIO connector to > handle this renegotiation issue. The default connector depends upon your system configuration. I believe if you have APR/tcnative available, Tomcat will use that and you'll get an APR/HTTP connector. Otherwise, you'll get the BIO connector. You have to specifically request the NIO connector. > <Connector port="8443" SSLEnabled="true" acceptCount="500" > ciphers="Some cipher" allowUnsafeLegacyRenegotiation="false" > maxThreads="5" scheme="https" secure="false" clientAuth="false" > sslProtocol="TLS" keystoreFile="cert.key" keystorePass="password" > /> Using the APR connector for SSL will be much faster than either BIO or NIO. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEWUC8ACgkQ9CaO5/Lv0PB+FwCfQLqO5CsHc9cB4sq+mO5D8mq5 IDMAoLr6WXRqgu7JWiHewUD47Js36dXd =XY13 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
