Andre,
On 12.4.2014 0:51, André Warnier wrote:
Ognjen Blagojevic wrote:
On 11.4.2014 10:52, André Warnier wrote:
3) if he has recorded past encrypted traffic to/from your server, and
saved
this recording, then he can at any time go back and decrypt this past
traffic, and pick up
anything
Just for the sake of clarity, I will redundantly highlight some parts of
Christopher's
recent message :
Christopher Schultz wrote:
...
* If you are on 1.1.24-1.1.29, then you have been vulnerable. *
...
I can't stress enough that once you update to a fixed version, *you
must re-key your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
André,
On 4/11/14, 2:52 AM, André Warnier wrote:
As I understand it, the real bitch about this bug, is that *during
the whole period in which your server was vulnerable* , a
knowledgeable attacker would have been able to connect to your
server
On 11.4.2014 10:52, André Warnier wrote:
3) if he has recorded past encrypted traffic to/from your server, and saved
this recording, then he can at any time go back and decrypt this past
traffic, and pick up
anything interesting from there, even without having the new keys. Such
a recording
Ognjen Blagojevic wrote:
On 11.4.2014 10:52, André Warnier wrote:
3) if he has recorded past encrypted traffic to/from your server, and
saved
this recording, then he can at any time go back and decrypt this past
traffic, and pick up
anything interesting from there, even without having the new
On Thu, Apr 10, 2014 at 2:10 PM, Ji Song s...@glimmerglass.com wrote:
Hi,
Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I noticed that
Tomcat native connector version 1.1.22 uses : OpenSSL 0.9.8 which doesn't
have the heartbleeding bug, but 1.1.24 and 1.1.29 also include
Hi
I think it is tcnative.dll. You should find the tar.gz file attached with the
source, which says you the version.
Best Regards,
Sasi Eswaravaka
-Original Message-
From: Ji Song [mailto:s...@glimmerglass.com]
Sent: Thursday, April 10, 2014 4:11 PM
To: 'users@tomcat.apache.org'
On 4/10/14 2:10 PM, Ji Song wrote:
Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I noticed
that Tomcat native connector version 1.1.22 uses : OpenSSL 0.9.8
which doesn't have the heartbleeding bug, but 1.1.24 and 1.1.29 also
include the buggy openssl.
If you use JSSE for your SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
James,
On 4/10/14, 3:32 PM, James H. H. Lampert wrote:
On 4/10/14 2:10 PM, Ji Song wrote:
Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I
noticed that Tomcat native connector version 1.1.22 uses :
OpenSSL 0.9.8 which doesn't have