Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2014/04/11 07:50:49 UTC

Re: [OT] How can I tell which version of OpenSSL is being used with tomcat?

Konstantin,

On 4/10/14, 3:06 AM, Konstantin Kolinko wrote:
> 2014-04-10 12:25 GMT+04:00 Christopher Schultz
> <ch...@christopherschultz.net>:
>> 
>> (...)
>> 
>> Andrew, if you haven't changed the Tomcat default configuration
>> and you used the service installer, you likely have a vulnerable
>> server depending upon exactly which version you installed,
>> because the installer automatically installs tcnative, and the
>> default protocol in server.xml (HTTP/1.1) auto-prefers the APR
>> connector to the BIO connector.
>> 
> 
> The default configuration is NOT vulnerable to HeartBleed, as the
> HTTPS protocol is not enabled by default. You need to generate or
> buy a server certificate and configure it to enable HTTPS.

You are correct: the default configuration has SSL disabled.

But, since this was a question about SSL, I figured that the OP had
SSL enabled.

-chris
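The two conditions discussed in this thread (HTTPS actually enabled on a connector, and `protocol="HTTP/1.1"` resolving to the APR connector when tcnative is installed) can be checked against a `server.xml` as follows. This is an added example, not code from the thread or from the Tomcat project: the function name and the sample `server.xml` are constructed, the caller supplies whether tcnative is installed, and the `AprLifecycleListener` check is an assumption about how Tomcat 7 loads the native library.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"

# Constructed sample configuration (not taken from the thread).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
    <Connector port="9443" SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  </Service>
</Server>"""


def openssl_backed_connectors(server_xml, tcnative_installed):
    """Return the ports of connectors that terminate TLS through APR/OpenSSL.

    A connector is reported only if HTTPS is enabled on it AND it resolves
    to the APR connector. Connectors without SSLEnabled="true" are skipped,
    which is why the stock configuration yields an empty list.
    """
    root = ET.fromstring(server_xml)
    # Assumption: APR is only usable when the listener is declared and the
    # tcnative library is actually present on the host.
    apr_loaded = tcnative_installed and any(
        lst.get("className") == APR_LISTENER for lst in root.iter("Listener")
    )
    ports = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP: no TLS handshake on this port
        protocol = conn.get("protocol", "HTTP/1.1")
        # "HTTP/1.1" auto-prefers APR when it is available; the explicit
        # APR class name always means APR. NIO/BIO use Java's TLS stack.
        if apr_loaded and protocol in ("HTTP/1.1", APR_PROTOCOL):
            ports.append(int(conn.get("port")))
    return ports


if __name__ == "__main__":
    print(openssl_backed_connectors(SAMPLE_SERVER_XML, tcnative_installed=True))
```

A port in the result only means OpenSSL is in the TLS path; whether that OpenSSL build is affected still depends on the version bundled with the installed tcnative.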