I deploy Tomcat 7 in both 64 and 32 bit environments. When I deploy/upgrade, I download Tomcat from this page: http://tomcat.apache.org/download-70.cgi, downloading both the 32-bit Windows and 64-bit Windows zip files.
I would like to make sure that my Tomcat deployments are secure from the OpenSSL Heartbleed bug, and my understanding is that I simply need to replace tcnative-1.dll in my download with one from this page: http://apache.org/dist/tomcat/tomcat-connectors/native/1.1.30/binaries/. But which one? I assume I don't need OCSP-do I? But then in the download there are 3 different versions, one at the top level, one in i64 and one in x64. Can I assume that the top level one is 32 bit and the x64 one is 64 bit? Of course, it would be useful if there were simply a new release of Tomcat, or a readily available guide for current users on how to protect ourselves from this issue. Knowing whether an updated Heartbleed-free version of Windows Tomcat was coming in the next few days would resolve this issue as well. Thanks, Scott
