Win a copy of Emmy in the Key of Code this week in the General Computing forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Paweł Baczyński
  • Piet Souris
  • Vijitha Kumara

SSL Encryption Type

 
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

A Java Servlet I maintain uses SSL encryption. I THINK it uses JSSE SSL by Oracle and after the HeartBleed Bug announcement I don't want to be using OpenSSL. Can someone tell me how I can be sure this is the case please?

So far I have found nothing on Google.

Thanks in advance

AJF
 
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What OS are you running ? What application server ?
 
A Farroll
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OS on Live server is Windows Server 2008 R2 Standard. The Servlet is running on Tomcat V7.0.
 
Roger Sterling
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Open a command prompt in your Windows 2008 server and run this command :



Then post the output here.
 
A Farroll
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
C:\>openssl version -a
'openssl' is not recognized as an internal or external command, operable program or batch file.

I take it then openSSL is not used and then nothing to worry about??
 
Roger Sterling
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Windows binaries are provided by Apache for Tomcat for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR.

It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.

Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).



Your OS doesn't have openssl installed, but Tomcat does.
 
It's weird that we cook bacon and bake cookies. Eat this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!