posted 13 years ago
Hi,
We have added Dsun.security.ssl.allowUnsafeRenegotiation=false in our Pramati Server startup script and its using
JDK 1.6_20.
With JDK 1.6_20 Session renegotiation is disabled by default.But in a security audit our server was found vulnerable to "Sesion renegotiation attack".
Any clues if this is a problem with the fix which is present in JDK 1.6_20 ?
Ajit