Re: SSL / TLS compression | SPDY service|CVE-2012-4929

[André Warnier]

Rahul Kumar Singh wrote:
Ok I understand, 
Is it mentioned somewhere in tomcat spec. That it is not being used in JSSE connector.

Based on the above answer my next question:
If any browser is affected with this CVE , then what happen, e.g IE-11.
If user tries to open the web application from IE-11 , then what happen.

Why don't you try it yourself, and report here if there is a problem that you believe may 
affect the Tomcat community ?

________________________________________
From: Ognjen Blagojevic [ognjen.d.blagoje...@gmail.com]
Sent: Friday, March 27, 2015 8:34 PM
To: Tomcat Users List
Subject: Re: SSL / TLS compression | SPDY service|CVE-2012-4929

Rahul,

On 27.3.2015 14:42, Rahul Kumar Singh wrote:
So how to disable compression and / or the SPDY service in tomcat6.

If you are using JSSE connectors (BIO/NIO/NIO2), compression is already
disabled because JSSE does not support it, and there is no support for
SPDY protocol on those connectors.

If you are using APR/Native connector, if you didn't explicitly enabled
it, SPDY is disabled by default. You may disable TLS compression using
APR/Native connector parameter SSLDisableCompression="true".

-Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




DISCLAIMER:
-----------------------------------------------------------------------------------------------------------------------
The contents of this e-mail and any attachment(s) are confidential and
intended
for the named recipient(s) only. 
It shall not attach any liability on the originator or NEC or its
affiliates. Any views or opinions presented in 
this email are solely those of the author and may not necessarily reflect the
opinions of NEC or its affiliates. 
Any form of reproduction, dissemination, copying, disclosure, modification,
distribution and / or publication of 
this message without the prior written consent of the author of this e-mail is
strictly prohibited. If you have 
received this email in error please delete it and notify the sender
immediately. .
-----------------------------------------------------------------------------------------------------------------------

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org