-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Konstantin,
On 4/10/14, 3:06 AM, Konstantin Kolinko wrote: > 2014-04-10 12:25 GMT+04:00 Christopher Schultz > <[email protected]>: >> >> (...) >> >> Andrew, if you haven't changed the Tomcat default configuration >> and you used the service installer, you likely have a vulnerable >> server depending upon exactly which version you installed, >> because the installer automatically installs tcnative, and the >> default protocol in server.xml (HTTP/1.1) auto-prefers the APR >> connector to the BIO connector. >> > > The default configuration is NOT vulnerable to HeartBleed. as the > HTTPS protocol is not enabled by default. You need to generate or > buy a server certificate and configure it to enable HTTPS. You are correct: the default configuration has SSL disabled. But, since this was a question about SSL, I figured that the OP had SSL enabled. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTR4K5AAoJEBzwKT+lPKRYJ7oP/jKhBgd9tTFdMC+NFNhA8T4x Qv/ffTpBx24RMk3+bNQFb4bBtnH9wNIbpR+MI8KM4fRvrtLy/8rtFo84GShq4GaD dPGkOUtkSrLVFX3utG5+wt301kZGS17cbXg1wTy/2jdsI+AuAZ6ur/lT8LDMtaak 8OTiQvRcb6ToKARPgXx7S/+7dHhdfuQJFA++jLc9OUFfmdNZzhyhkJnMDhbtVbCn 2doCqQe6JbRBONwqDJX/RYxOjUlLjiJqaZsMHpasCVwf1+TukTySURNkV68IAa+E NPOR6u7s5H3FfuFj0dLYUIrIQ8AoI4EtwX+T7eYZRS3tZwClaf1woIll01TEWKm8 G4KqmFcFvoh9T6jTJBCDhYgb18Z4+0LWMWEe0iHjzcNdATM++8b+CmkIFyc0oU10 MjxBo36HbAdtGG42MtLXg9IkTSYzmfCFnFiJyhFq8C42H10IM1XNsT8D3gX5+c9A htHcoPmrMwn0ExVuGstyHHJgoXqICuUU3dRRAA9VCJ42hslpaM8l19wzHAkGDVNd LbvQUBZZWv7mBGdsEXW6lpn4WDi5nF8OOSPmN8c2X14XPcONfsu7CqIA3q0IXjcJ wIpC4A8s82WR+xQXDuSE2im1oSYNTENTfdpnfEz6h9V/brSD6yZ1stue4PgdqtrU Zg71tWDYQip36e7SJpMU =th+K -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
