Ognjen,

On 4/9/14, 3:16 AM, Ognjen Blagojevic wrote:
> Chris,
> 
> On 9.4.2014 7:22, Christopher Schultz wrote:
>> -1
>> 
>> Switching to JSSE only stops the hemorrhaging. You should 
>> consider all your server keys compromised if OpenSSL 1.0.1 was 
>> used (prior to "g" patch level). If you switch to JSSE, your key 
>> may already have been compromised, so the switch does not
>> protect you.
>> 
>> If you were lucky enough to have been ignored by Internet 
>> miscreants, then switching will protect you, but it's a bad bet. 
>> The better bet is to upgrade ASAP to a 1.0.1g version of OpenSSL 
>> and then re-key everything.
>> 
>> Then change all your passwords. :(
> 
> I agree. What I was supposed to say is: After you revoke 
> certificates and reissue a new one, you may switch to the JSSE 
> connector, and then wait for a patched version of the tcnative dll. 
> Thank you for pointing that out.

Yup. Technically, it should only require a re-link, since none of the
tcnative code should actually need a change. However, it's probably
best to bump the version number to avoid too much confusion.

Mladen is working on it right now. We'll see what action he chooses to
take. I hope he builds a new version from current 1.1 branch, 'cause I
want some new features available ;)

-chris
