Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-10 Thread David Landis
On Wed, Apr 9, 2014 at 1:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: (Checked http://filippo.io/Heartbleed before and after) I built APR and Tomcat Native from source on the server, so I assume it's doing dynamic library loading. Is the binary build statically linked?

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-10 Thread Christopher Schultz
David, On 4/10/14, 10:39 AM, David Landis wrote: On Wed, Apr 9, 2014 at 1:24 AM, Christopher Schultz ch...@christopherschultz.net wrote: (Checked http://filippo.io/Heartbleed before and after) I built APR and Tomcat Native from source on

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-09 Thread Ognjen Blagojevic
Chris, On 9.4.2014 7:22, Christopher Schultz wrote: -1 Switching to JSSE only stops the hemorrhaging. You should consider all your server keys compromised if OpenSSL 1.0.1 was used (prior to g patch level). If you switch to JSSE, your key may already have been compromised, so the switch does

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-09 Thread Christopher Schultz
Ognjen, On 4/9/14, 3:16 AM, Ognjen Blagojevic wrote: Chris, On 9.4.2014 7:22, Christopher Schultz wrote: -1 Switching to JSSE only stops the hemorrhaging. You should consider all your server keys compromised if OpenSSL 1.0.1 was used

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-09 Thread Christopher Schultz
Arlo, On 4/8/14, 4:36 PM, Arlo White wrote: What would the Tomcat code change be? No code changes, even at the tcnative level. It just requires a re-link (remember, it's statically-linked on win32) with a safe OpenSSL build. I suppose it'd be

RE: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-09 Thread Jeffrey Janner
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 09, 2014 12:25 AM To: Tomcat Users List Subject: Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native? Arlo, On 4/8/14, 5:36 PM, Arlo

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-08 Thread Ognjen Blagojevic
On 8.4.2014 18:48, Arlo White wrote: Are Apache Tomcat servers using Tomcat Native APR vulnerable to the HeartBleed OpenSSL bug, or does this layer insulate them? http://heartbleed.com/ They are vulnerable. There is no layer to insulate. You may test with: http://filippo.io/Heartbleed/ I

RE: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-08 Thread Jeffrey Janner
Ognjen, Has anyone entered a bugzilla request for this one? Jeff -Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Tuesday, April 08, 2014 3:02 PM To: Tomcat Users List Subject: Re: Does the HeartBleed vulnerability affect Apache Tomcat servers

RE: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-08 Thread Jeffrey Janner
-Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 08, 2014 5:14 PM To: 'Tomcat Users List' Subject: RE: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native? Ognjen, Has anyone entered a bugzilla

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-08 Thread Arlo White
-Original Message- From: Ognjen Blagojevic [mailto:ognjen.d.blagoje...@gmail.com] Sent: Tuesday, April 08, 2014 3:02 PM To: Tomcat Users List Subject: Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native? On 8.4.2014 18:48, Arlo White wrote: Are Apache Tomcat

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-08 Thread Arlo White
not sure it's necessary to redo the builds. On 04/08/2014 03:30 PM, Jeffrey Janner wrote: -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 08, 2014 5:14 PM To: 'Tomcat Users List' Subject: RE: Does the HeartBleed vulnerability affect

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-08 Thread Christopher Schultz
Ognjen, On 4/8/14, 2:02 PM, Ognjen Blagojevic wrote: On 8.4.2014 18:48, Arlo White wrote: Are Apache Tomcat servers using Tomcat Native APR vulnerable to the HeartBleed OpenSSL bug, or does this layer insulate them? http://heartbleed.com/

Re: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native?

2014-04-08 Thread Christopher Schultz
: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 08, 2014 5:14 PM To: 'Tomcat Users List' Subject: RE: Does the HeartBleed vulnerability affect Apache Tomcat servers using Tomcat Native? Ognjen, Has anyone entered a bugzilla request for this one? Jeff Answering myself