SSL/TLS vulnerability
SSL vulnerability detected in Java prior to version 1.6.0_19:
http://java.sun.com/javase/javaseforbusiness/docs/TLSReadme.html
Following my thread posted on the SUN forums, here is the solution I found for the problem:
Hi,
I have found the solution to my problem.
As ghstark wrote, the problem can be fixed on the Apache side.
In this URL (https://access.redhat.com/kb/docs/DOC-20491), I found something like this:
Server-initiated renegotiations can be avoided by:
Changing the site layout so that a client certificate authentication is required for the whole site, rather than only a part. In other words, so that "SSLVerifyClient" is used only when directly inside a section.
Using the same cipher suite for the whole site. The highest cipher strength requirement of all directories and locations should be set in the section.
This solved my problem.
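
The two recommendations above can be checked mechanically. This is an added example, not code from the forum thread or the Red Hat article: a small Python check that flags `SSLVerifyClient` and `SSLCipherSuite` placed in per-directory sections, which is where mod_ssl applies them after the handshake and therefore renegotiates. The two sample configurations and the helper name `find_renegotiation_triggers` are constructed for illustration.

```python
import re

# Sections that put mod_ssl directives in per-directory (post-handshake) context.
PER_DIR = {"directory", "directorymatch", "location", "locationmatch",
           "files", "filesmatch"}
WATCHED = {"sslverifyclient", "sslciphersuite"}

# Constructed sample: client certificate and stronger ciphers for one path only.
BEFORE = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM
    <Location /secure>
        SSLVerifyClient require
        SSLCipherSuite HIGH
    </Location>
</VirtualHost>
"""

# Constructed sample: both requirements moved up to the virtual host.
AFTER = """\
<VirtualHost *:443>
    SSLEngine on
    SSLVerifyClient require
    SSLCipherSuite HIGH
</VirtualHost>
"""

def find_renegotiation_triggers(conf_text):
    """Return (line_no, section, directive) for watched directives in per-directory scope."""
    stack, findings = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"</\s*\w+\s*>", line):        # closing tag
            if stack:
                stack.pop()
        elif (m := re.match(r"<\s*(\w+)", line)):   # opening tag
            stack.append(m.group(1))
        else:
            scope = next((s for s in reversed(stack) if s.lower() in PER_DIR), None)
            if scope and line.split()[0].lower() in WATCHED:
                findings.append((no, scope, line))
    return findings

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, find_renegotiation_triggers(conf))
```

The check does not read `.htaccess` files or follow `Include` directives, so those need to be scanned separately.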