Am 09.04.2014 11:13, schrieb Peter Ondruška: > On Wednesday, 9 April 2014, maarten ligtvoet <[email protected] > <mailto:[email protected]>> wrote: > >> Does the openSSL heartbleed bug effect jetty users? > Jetty uses Java VM's SSL, not OpenSSL.
and to continue the answer: Since the SSL-implementation should be in Pure Java, missing boundary-checks aren't a topic there. A final answer depends on the configuration of your JVM, though. In theory, you can change the SSLSocketFactory by one that actually uses OpenSSL via JNI, but that's something never being heard of - at least by me. Regards, Lothar _______________________________________________ jetty-users mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/jetty-users
