Hi, I'm an eng. working on a security product that also uses Tomcat for Web-server functionality. I'm concerned with the known TLS renegotiation MitM vulnerability. I would like to ask whether there's a Tomcat version that contains a fix to the issue?- Say by disabling TLS renegotiation by default and adding a configuration parameter for enabling it if needed. I did some searching on mail traffic and saw some SVN mentions of such a possible fix, so I hope that a fix is either planned or already released.
TIA, Yosi Izaq Cisco R&D
