Summary: | ssl.SessionId Cache Control | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | Yuval Perlov <yuvalperlov> |
Component: | Connectors | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | enhancement | CC: | patrick.coomans |
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | default | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | Add sslSessionCacheSize and sslSessionTimeout attributes to <Connector> |
Description
Yuval Perlov
2008-01-23 05:29:19 UTC
Marking as an enhancement. Patches are always welcome. Created attachment 22247 [details]
Add sslSessionCacheSize and sslSessionTimeout attributes to <Connector>
This bug also generates a security breach when mutual SSL authentication is used with a certificate on a smartcard. When the card is removed from the computer, the session still continues. Changing this sslSessionTimeout to a low value would allow the application to detect card removal. This has been fixed in trunk and proposed for 6.0.x This has been fixed in 6.0.x and will be included in 6.0.19 onwards. |