It's best to be conservative.
Rather that than having your certificates (and everything else)
compromised.
Stefan
On 9 April 2014 20:36, Linda Toth ltt...@alaska.edu wrote:
We patched our backend servers yesterday and are in the process of
replacing certificates today.
We did not have
Hi
Does any component of CAS rely on any Open SSL libraries.
Linda
--
Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity
and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska 99775
Tel: 907-450-8320
Fax: 907-450-8381
linda.t...@alaska.edu |
IIUC, it depends on the container. In the case of Tomcat, the APR-based
connector uses OpenSSL. Similarly, using Apache in front of Tomcat will bring
OpenSSL into the mix as well.
Best regards,
--
Carlos M. Fernández
Sr. Enterprise Systems Admin
Saint Joseph's University
W: 610-660-1501
M:
Thanks - that summarizes my understanding.
In our case, that does apply. But I then wondered about native CAS as well.
Regards,
Linda
--
Linda Toth
University of Alaska - Office of Information Technology (OIT) - Identity
and Access Management
910 Yukon Drive, Suite 103
Fairbanks, Alaska
Some CAS clients probably do. E.g. mod_auth_cas is linked against
OpenSSL. CAS clients for various other languages (php, perl, certain
flavors of python, ...) might, as well.
Tom.
On 04/09/2014 12:04 PM, Carlos Fernandez wrote:
IIUC, it depends on the container. In the case of Tomcat, the
We have patched our back end OSes against openssl and we're replacing the
purchased certificate on the front end of our CAS service.
this openssl vulnerability is going to be a windfall for SSL CA signers!
- Rex Roof
WCC Systems Engineer r...@wccnet.edu
734-973-3478
On Wed, Apr 9, 2014 at 3:12
We patched our backend servers yesterday and are in the process of
replacing certificates today.
We did not have openSSL certs for the front end in any case, but they are
being conservative so that anyone who already had exploited the
vulnerability would be cut off.
Right on about commercial