Chris,

On 9.4.2014 7:22, Christopher Schultz wrote:
> -1
>
> Switching to JSSE only stops the hemorrhaging. You should consider all
> your server keys compromised if OpenSSL 1.0.1 was used (prior to "g"
> patch level). If you switch to JSSE, your key may already have been
> compromised, so the switch does not protect you.
>
> If you were lucky enough to have been ignored by Internet miscreants,
> then switching will protect you, but it's a bad bet. The better bet is
> to upgrade ASAP to a 1.0.1g version of OpenSSL and then re-key everything.
>
> Then change all your passwords. :(

I agree. What I was supposed to say is: after you revoke certificates and reissue a new one, you may switch to the JSSE connector and then wait for a patched version of the tcnative DLL. Thank you for pointing that out.

-Ognjen
