Skip to main content

SSL Renegotiation Issue Fixed in JDK1.6.0_22

Posted by kumarjayanti on November 18, 2010 at 4:46 AM PST

 GlassFish users who make use of CLIENT-CERT authentication with SSL  in their JavaEE applications  should consider upgrading to JDK1.6.0_22. The good news is that JDK1.6.0_22 contains a full fix for  the renegotiation protocol flaw in SSL (The IETF issued RFC 5746 ).  A fix which implements RFC 5746 and supports secure renegotiation.

More details are here :

Related Topics >>


SSL Renegotiation Issue Fixed

Hello, could you pls take a look at this:

EJB and SSL:
This is on SJSAS 9_01 (GF 2 equivalent)

And also, in GF 3.0.1, i'm getting "Password verification failed" without even needing SSL: