Hello,I apologize if this is not the right place to send this question to. If it is not please point me to the correct contact person.
In light of newly discovered security threats on TLS (http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html), the current tomcat 5.5 available for debian lenny is vulnerable.
The tomcat developers are currently working on a patch to allow the setup of the server to completely prevent TLS renegotiation. For details on the current discussion please look at this thread: http://marc.info/?t=125761336000001&r=1&w=2
I would like to know if there are any plans on integrating this patch into the current distribution.
Thank you and best regards, Luciana Moreira ---------- This message has been signed by the PrivaSphere Mail Signature Service.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ pkg-java-maintainers mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
