tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Tomcat Wiki] Update of "Security/Heartbleed" by OgnjenBlagojevic
Date Mon, 14 Apr 2014 08:19:34 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.

The "Security/Heartbleed" page has been changed by OgnjenBlagojevic:
https://wiki.apache.org/tomcat/Security/Heartbleed?action=diff&rev1=7&rev2=8

Comment:
Online tools

  == Am I Vulnerable? ==
  
  If you are running any server that uses OpenSSL version 1.0.1 with any patch level before
ā€œgā€ you may be vulnerable. Unless you happened to install OpenSSL 1.0.1 for the *first*
time after 2014-04-08 or so, you are almost certainly vulnerable. If you are running an ASF-provided
tcnative binary version 1.1.24-1.1.29, then you are vulnerable, as tcnative ships with a statically-linked
OpenSSL version which is vulnerable. If you are running OpenSSL 0.9.8 or 1.0.0, then you are
not vulnerable to this particular vulnerability. If you are using Tomcat with any Java connector
(BIO or NIO), then you are not vulnerable to this particular vulnerability.
+ 
+ You may also check if you are vulnerable using online tools:
+ 
+  1. [[http://filippo.io/Heartbleed/]]
+  1. [[https://www.ssllabs.com/ssltest/]]
  
  == How do I fix my servers? ==
  

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message