Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Sesion renegotiation and JDK 1.6 20 with Pramati 5.0 SP3

 
Ajit Kanada
Ranch Hand
Posts: 95
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

We have added Dsun.security.ssl.allowUnsafeRenegotiation=false in our Pramati Server startup script and its using
JDK 1.6_20.

With JDK 1.6_20 Session renegotiation is disabled by default.But in a security audit our server was found vulnerable to "Sesion renegotiation attack".

Any clues if this is a problem with the fix which is present in JDK 1.6_20 ?

Ajit
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic