TomEE or Tomcat do not actually ship OpenSSL, but have mechanisms such as APR that can utilize it. You should ensure that the OpenSSL installed on your machines is up to date.
See the following to get a better feel as to where OpenSSL has a potential surface area with TomEE/Tomcat: https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html https://tomcat.apache.org/tomcat-7.0-doc/apr.html Andy -- View this message in context: http://openejb.979440.n4.nabble.com/OpenSSL-Version-and-HeartBleed-tp4668702p4668704.html Sent from the OpenEJB Dev mailing list archive at Nabble.com.
