
Session renegotiation and JDK 1.6 20 with Pramati 5.0 SP3

 
Ajit Kanada
Ranch Hand
Posts: 96
Hi,

We have added Dsun.security.ssl.allowUnsafeRenegotiation=false in our Pramati Server startup script and it's using JDK 1.6_20.

With JDK 1.6_20, session renegotiation is disabled by default. But in a security audit our server was found vulnerable to "Session renegotiation attack".

Any clues if this is a problem with the fix which is present in JDK 1.6_20?

Ajit
 