Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A6CE41007D for ; Wed, 9 Apr 2014 07:50:34 +0000 (UTC) Received: (qmail 40569 invoked by uid 500); 9 Apr 2014 07:50:29 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 40522 invoked by uid 500); 9 Apr 2014 07:50:28 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 40511 invoked by uid 99); 9 Apr 2014 07:50:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Apr 2014 07:50:27 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of aw@ice-sa.com designates 212.85.38.228 as permitted sender) Received: from [212.85.38.228] (HELO tor.combios.es) (212.85.38.228) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Apr 2014 07:50:20 +0000 Received: from [192.168.245.129] (HSI-KBW-46-237-206-233.hsi.kabel-badenwuerttemberg.de [46.237.206.233]) (Authenticated sender: andre.warnier@ice-sa.com) by tor.combios.es (Postfix) with ESMTPA id 87A5C3C044D for ; Wed, 9 Apr 2014 09:50:24 +0200 (CEST) Message-ID: <5344FBA4.1010205@ice-sa.com> Date: Wed, 09 Apr 2014 09:49:56 +0200 From: =?UTF-8?B?QW5kcsOpIFdhcm5pZXI=?= Reply-To: Tomcat Users List User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Tomcat Users List Subject: [OT] HeartBleed bug Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org I wonder if I may ask this list-OT question to the SSH experts on the list : I run some 25 webservers (Apache httpd-only, Tomcat-only, or Apache httpd + Tomcat). I do not use HTTPS on any of them. But I use SSH (OpenSSH) to connect to them over the Internet for support purposes, with "authorized_keys" on the servers. Are my servers affected by this bug ? Or is this (mainly) an HTTPS-related affair ? I mean : I will update OpenSSH on all my servers anyway. But do I have to consider that, with a non-negligible probability, the keys stored on my servers are already compromised ? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org