Indeed
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Wed, Apr 23, 2014 at 10:35 AM, dsh <[email protected]> wrote:
> Another perspective on this matter:
>
> "Returning to Heartbleed, one thing conspicuously missing from the
> downshouting against OpenSSL is any pointer to a closed-source
> implementation that is known to have a lower defect rate over time. This is
> for the very good reason that no such empirically-better implementation
> exists." - Eric S Raymond
>
> Cheers
> Daniel
>
>
> On Mon, Apr 14, 2014 at 7:22 AM, Romain Manni-Bucau
> <[email protected]>wrote:
>
> > Well depend a lot of your config. Even Tomcat 7.0.53 is vulnerable to
> > heartbleed (fix release in progress with tc native)...but only if you use
> > native. In summary if you dont use apr you are safe (jsse typically).
> > Le 13 avr. 2014 23:10, "ihunter" <[email protected]> a écrit :
> >
> > > Hi Folks,
> > >
> > > Sorry about this - we're having a dose of paranoia regarding
> HeartBleed.
> > >
> > > I *believe* that TomEE 1.6.0 comes with OpenSSL at version 1.0.1c.
> > >
> > > I don't know about our old installation Tomcat 6.0.35.
> > >
> > > Can someone please give me a definitive answer on what versions are
> > > involved, and if we need to take any action on this HeartBleed thing.
> > >
> > > Many Thanks
> > > Ian Hunter
> > >
> > >
> > >
> > > --
> > > View this message in context:
> > >
> >
> http://openejb.979440.n4.nabble.com/OpenSSL-Version-and-HeartBleed-tp4668702.html
> > > Sent from the OpenEJB Dev mailing list archive at Nabble.com.
> > >
> >
>
