tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Whittington <>
Subject Re: [VOTE] Release Apache Tomcat Native 1.1.30
Date Fri, 11 Apr 2014 09:56:57 GMT

On 10/04/2014, at 11:50 pm, Mladen Turk <> wrote:

> Version 1.1.30 is bug fixing release with added ECDH
> if supported by OpenSSL library.
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
> The VOTE will remain open for at least 48 hours.
> The Apache Tomcat Native 1.1.30 is
> [X] Stable, go ahead and release
> [ ] Broken because of ...

Tested on OS X Mavericks with Tomcat 7.0.x.
Builds cleanly against OpenSSL 1.0.1g and APR 1.50.
HTTP and HTTPS APR connectors tested.

Testing with Firefox, Chrome, Safari and openssl s_client shows TLSv1.2 and ECDHE cipher suites
being used.
Testing with shows SAFE from Heartbleed (as expected,
linking against 1.0.1g).

There’s one problem using APR/HTTPS in Tomcat on OS X, where SSL_library_init needs to be
called on the same thread that invokes SSLContext.make to make things work, but that’s not
a tcnative issue.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message