From dd5fc77cd1f0792cc6b940a0375da0512a77fb0d Mon Sep 17 00:00:00 2001
From: Greg Wilkins
Date: Wed, 16 Mar 2011 00:28:12 +0000
Subject: [PATCH] better doco
git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2895 7e9141cc-0065-0410-87d8-b60c137991c4
---
 .../eclipse/jetty/http/ssl/SslContextFactory.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
index b39399b4706..5c7c0bcd150 100644
--- a/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
+++ b/jetty-http/src/main/java/org/eclipse/jetty/http/ssl/SslContextFactory.java
@@ -32,6 +32,7 @@ import java.security.cert.X509CertSelector;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Enumeration;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -109,8 +110,9 @@ public class SslContextFactory extends AbstractLifeCycle
 private boolean _needClientAuth = false;
 /** Set to true if client certificate authentication is desired */
 private boolean _wantClientAuth = false;
+
 /** Set to true if renegotiation is allowed */
- private boolean _allowRenegotiate = false;
+ private boolean _allowRenegotiate = true;
 /** Keystore password */
 private transient Password _keyStorePassword;
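Review bot: The initialiser of `_allowRenegotiate` flips from `false` to `true` in a commit titled "better doco", so TLS renegotiation becomes opt-out without the commit message saying so. The Javadoc changed later in this patch states that renegotiation should not be allowed on a JVM that lacks the CVE-2009-3555 fix, and with this default such a deployment stays exposed unless the operator explicitly sets the flag to `false`. Either keep `private boolean _allowRenegotiate = false;` or record the new default and its JVM requirement on the field, e.g. `/** Renegotiation is allowed by default; set to false on JVMs without the CVE-2009-3555 fix */`. The class body continues outside the hunk, so whether anything else resets this flag is not visible here.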
@@ -532,9 +534,11 @@ public class SslContextFactory extends AbstractLifeCycle
 /* ------------------------------------------------------------ */
 /**
- * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered a vulnerability
- * in SSL/TLS with re-negotiation. If your JVM does not have CVE-2009-3555 fixed,
- * then re-negotiation should not be allowed.
+ * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
+ * a vulnerability in SSL/TLS with re-negotiation. If your JVM
+ * does not have CVE-2009-3555 fixed, then re-negotiation should
+ * not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban
+ * of renegotiates in u19 and with RFC5746 in u22.
 *
 * @param allowRenegotiate
 * true if re-negotiation is allowed (default false)
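Review bot: The unchanged `@param` line still reads `true if re-negotiation is allowed (default false)`, but the field initialiser in the hunk at line 110 is now `true`, so the Javadoc states the wrong default. It should read `true if re-negotiation is allowed (default true)`, or the default should go back to `false` so that the text stays correct. A reader deciding whether the setter must be called on an older JVM will rely on this line, so the mismatch matters more than ordinary comment drift. The documented method itself starts after the last line of the hunk and is not visible here.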