Jetty uses Java VM's SSL, not OpenSSL. On Wednesday, 9 April 2014, maarten ligtvoet <[email protected]> wrote:
> Does the openSSL heartbleed bug effect jetty users? > > See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 > The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do > not properly handle Heartbeat Extension packets, which allows remote > attackers to obtain sensitive information from process memory via crafted > packets that trigger a buffer over-read, as demonstrated by reading private > keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. > > Greetings, > Maarten Ligtvoet >
_______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
