Is Camel affected by the OpenSSL heart bleed bug?

[bocamel <jo...@gmail.com>]

We are using Camel (with CXF and Karaf).  Does anyone know if we should be
concerned with this new OpenSSL security bug?

Thanks!



--
View this message in context: http://camel.465427.n5.nabble.com/Is-Camel-affected-by-the-OpenSSL-heart-bleed-bug-tp5750006.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: Is Camel affected by the OpenSSL heart bleed bug?

[bocamel <jo...@gmail.com>]

Thank you very much for the quick response!



--
View this message in context: http://camel.465427.n5.nabble.com/Is-Camel-affected-by-the-OpenSSL-heart-bleed-bug-tp5750006p5750131.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: Is Camel affected by the OpenSSL heart bleed bug?

[Richard Kettelerij <ri...@gmail.com>]

Camel, CXF, Karaf are all written in Java and Java has its own crypto/SSL
implementation. There's no dependency on OpenSSL in any of those
applications/frameworks.

Of course if you're running Camel/CXF/Karaf on a server that does use
OpenSSL for something else (let's say you're running Camel or CXF behind
Apache HTTPd with mod_ssl) then you may be affected by this vulnerability
since mod_ssl does use OpenSSL. But Camel, CXF, Karaf and ActiveMQ itself
don't use OpenSSL.

Kind regards,
Richard Kettelerij
http://richardlog.com


On Wed, Apr 9, 2014 at 7:53 PM, bocamel <jo...@gmail.com> wrote:

> We are using Camel (with CXF and Karaf).  Does anyone know if we should be
> concerned with this new OpenSSL security bug?
>
> Thanks!
>
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/Is-Camel-affected-by-the-OpenSSL-heart-bleed-bug-tp5750006.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>