On 4/10/14 2:10 PM, Ji Song wrote:
Does heartbleeding bug impact on Tomcat 6.x, 7.x and 8.x ? I noticed that Tomcat native connector version 1.1.22 uses : OpenSSL 0.9.8 which doesn't have the heartbleeding bug, but 1.1.24 and 1.1.29 also include the buggy openssl.
If you use JSSE for your SSL support, then you're not affected, no matter what version of OpenSSL your Tomcat uses.
Kind of makes all that futzing around with Keytool (because JSSE is apparently the only SSL option for Tomcat on an IBM Midrange box) all worth it. ;-)
-- JHHL --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org