Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Disable TLS renegotiation

843811Feb 16 2010 — edited Mar 11 2010

hi,

I'm using SunPKCS11 provider which is associated with NSS (NSS version 3.12.5).
the SunPKCS11 provider is configured to be used as the provider of a Tomcat server.

SSL/TLS renegotiation is disabled by default in NSS 3.12.5, but i'm still getting indication that the TLS renegotiation is enabled. (using Nessus tool)

how should i configure Tomcat or Sun provider to use NSS capability to disable the SSL/TLS renegotiation?
should i use Mozilla's JSS socket within my Tomcat's socket factory to achieve that?

Is there other way to disable TLS renegotiation in JSSE

Thanks,
abarak

Locked Post

New comments cannot be posted to this locked post.

Locked on Apr 8 2010

Added on Feb 16 2010

#java-secure-socket-extension-jsse

7 comments

803 views

Java Security

Disable TLS renegotiation

Comments

Post Details