On Wed, Apr 9, 2014 at 12:13 PM, James H. H. Lampert < jam...@touchtonecorp.com> wrote:
> On 4/9/14 10:01 AM, Andrew Russell wrote:
>
>> If I installed Tomcat on Windows using the service installer, how can I
>> know which version of OpenSSL was used?
>
> All I know is that if you're using a Java keystore and Keytool (or
> KeyStore Explorer) to set it up and maintain it, you're most likely not
> using ANY version of OpenSSL; you're using JSSE (which isn't affected by
> HeartBleed) instead.
>
> Given that I've never set up security for Tomcat on any platform other
> than an IBM Midrange system (on which JSSE seems to be the only viable
> choice for SSL in Tomcat), I was actually rather astonished when I first
> learned that other platforms usually used OpenSSL.
>
> --
> JHHL

Thank you for the quick response! It's a mixed bag, some are Java keystores and some are pfx files. So I'm only using OpenSSL if it's marked as such in the configuration file?