better doco

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2895 7e9141cc-0065-0410-87d8-b60c137991c4
Greg Wilkins 2011-03-16 00:28:12 +00:00
parent c4807e45c9
commit dd5fc77cd1
1 changed files with 8 additions and 4 deletions


@ -32,6 +32,7 @@ import java.security.cert.X509CertSelector;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@ -109,8 +110,9 @@ public class SslContextFactory extends AbstractLifeCycle
private boolean _needClientAuth = false;
/** Set to true if client certificate authentication is desired */
private boolean _wantClientAuth = false;
/** Set to true if renegotiation is allowed */
private boolean _allowRenegotiate = false;
private boolean _allowRenegotiate = true;
/** Keystore password */
private transient Password _keyStorePassword;
@ -532,9 +534,11 @@ public class SslContextFactory extends AbstractLifeCycle
/* ------------------------------------------------------------ */
/**
* Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered a vulnerability
* in SSL/TLS with re-negotiation. If your JVM does not have CVE-2009-3555 fixed,
* then re-negotiation should not be allowed.
* Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
* a vulnerability in SSL/TLS with re-negotiation. If your JVM
* does not have CVE-2009-3555 fixed, then re-negotiation should
* not be allowed. CVE-2009-3555 was fixed in Sun java 1.6 with a ban
* of renegotiates in u19 and with RFC5746 in u22.
*
* @param allowRenegotiate
* true if re-negotiation is allowed (default false)
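Review bot: The `@param allowRenegotiate` line kept as context at the end of this Javadoc still says `(default false)`, while the field hunk above appears to change the initialiser to `private boolean _allowRenegotiate = true;` (the +/- markers are lost on this page, so this assumes the old line is printed before the new one). If the default does become true, the Javadoc should read `true if re-negotiation is allowed (default true)`. A commit titled "better doco" would then also be enabling renegotiation by default for every deployment, including JVMs older than the u19/u22 fixes that the new text names for CVE-2009-3555. I would either keep `_allowRenegotiate = false` so that exposure stays opt-in, or make the default change in its own commit with a release note telling operators on unpatched JVMs to disable it explicitly. The setter's body is outside the hunk, so whether it does more than store the flag cannot be seen here.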