Return-Path: X-Original-To: apmail-camel-users-archive@www.apache.org Delivered-To: apmail-camel-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 15881119B7 for ; Wed, 9 Apr 2014 19:05:02 +0000 (UTC) Received: (qmail 19024 invoked by uid 500); 9 Apr 2014 19:05:00 -0000 Delivered-To: apmail-camel-users-archive@camel.apache.org Received: (qmail 18435 invoked by uid 500); 9 Apr 2014 19:04:59 -0000 Mailing-List: contact users-help@camel.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@camel.apache.org Delivered-To: mailing list users@camel.apache.org Received: (qmail 18426 invoked by uid 99); 9 Apr 2014 19:04:58 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Apr 2014 19:04:58 +0000 X-ASF-Spam-Status: No, hits=2.8 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,URI_HEX X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of richardkettelerij@gmail.com designates 209.85.220.179 as permitted sender) Received: from [209.85.220.179] (HELO mail-vc0-f179.google.com) (209.85.220.179) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Apr 2014 19:04:54 +0000 Received: by mail-vc0-f179.google.com with SMTP id ij19so2457644vcb.38 for ; Wed, 09 Apr 2014 12:04:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=U3c6KSUcD+hsrG4Hwo/Trs6ztMcxUs5VpwDXZ/lezG4=; b=uFuDNAkDdmfkVZyvWQs8uPo39cJFve0l/Afy8n9PUdGZp3j8L8YJM1OOO+++Kd1Psj rPlTdaUmWicL9KdH/Hv/5sTcIc1WAIPMjX+cPFRkQXTQFxlVlK/Sjr7izxCNo6a67app AqS74iExmXQRdhDzqzKf5zg1qpnkmy5bfh0dJ/hRCmUQ3tQyqYMBNbJU+cDmi1kOZpm8 qOdCJ3g+fGiSBUBsh8L49nWVcfTeBAttzOqx1cfTolaBEeGRD5PlsQQStvDe/fGF4eak A7eKflNZKC4rLHXdcSX1qWM3fDDG/T7T/68y1D4NyyY6YPSkLHCPEyGDt9lV8aRYjUMn pxlQ== X-Received: by 10.220.133.80 with SMTP id e16mr10280652vct.13.1397070272044; Wed, 09 Apr 2014 12:04:32 -0700 (PDT) MIME-Version: 1.0 Received: by 10.220.135.131 with HTTP; Wed, 9 Apr 2014 12:04:11 -0700 (PDT) In-Reply-To: <1397066027541-5750006.post@n5.nabble.com> References: <1397066027541-5750006.post@n5.nabble.com> From: Richard Kettelerij Date: Wed, 9 Apr 2014 21:04:11 +0200 Message-ID: Subject: Re: Is Camel affected by the OpenSSL heart bleed bug? To: "users@camel.apache.org" Content-Type: multipart/alternative; boundary=001a11362cd44aa5a504f6a0c5d7 X-Virus-Checked: Checked by ClamAV on apache.org --001a11362cd44aa5a504f6a0c5d7 Content-Type: text/plain; charset=UTF-8 Camel, CXF, Karaf are all written in Java and Java has its own crypto/SSL implementation. There's no dependency on OpenSSL in any of those applications/frameworks. Of course if you're running Camel/CXF/Karaf on a server that does use OpenSSL for something else (let's say you're running Camel or CXF behind Apache HTTPd with mod_ssl) then you may be affected by this vulnerability since mod_ssl does use OpenSSL. But Camel, CXF, Karaf and ActiveMQ itself don't use OpenSSL. Kind regards, Richard Kettelerij http://richardlog.com On Wed, Apr 9, 2014 at 7:53 PM, bocamel wrote: > We are using Camel (with CXF and Karaf). Does anyone know if we should be > concerned with this new OpenSSL security bug? > > Thanks! > > > > -- > View this message in context: > http://camel.465427.n5.nabble.com/Is-Camel-affected-by-the-OpenSSL-heart-bleed-bug-tp5750006.html > Sent from the Camel - Users mailing list archive at Nabble.com. > --001a11362cd44aa5a504f6a0c5d7--