On 4/9/14 10:01 AM, Andrew Russell wrote:
If I installed tomcat on windows using the service installer, how can I know which version of openssl was used?
All I know is that if you're using a Java keystore and Keytool (or KeyStore Explorer) to set it up and maintain it, you're most likely not using ANY version of OpenSSL; you're using JSSE (which isn't affected by HeartBleed) instead.
Given that I've never set up security for Tomcat on any platform other than an IBM Midrange system (on which JSSE seems to be the only viable choce for SSL in Tomcat), I was actually rather astonished when I first learned that other platforms usually used OpenSSL.
-- JHHL --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
