Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Sesion renegotiation and JDK 1.6 20 with Pramati 5.0 SP3

 
Ajit Kanada
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We have added Dsun.security.ssl.allowUnsafeRenegotiation=false in our Pramati Server startup script and its using
JDK 1.6_20.

With JDK 1.6_20 Session renegotiation is disabled by default.But in a security audit our server was found vulnerable to "Sesion renegotiation attack".

Any clues if this is a problem with the fix which is present in JDK 1.6_20 ?

Ajit
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic