On 18/01/2010 11:37, Jens Neu wrote:
> Steve,
> 
> it is not a vulnerability of Tomcat, nevertheless it can be fixed by it. 
> You definitely _should_ fix it, since data integrity can not be assured on 
> your https connections any more.
> 
> I have little to no Windows experience; but my understanding is that while 
> running Tomcat on Windows Server, it will make use of the SSL/TLS 
> libraries provided by Windows. Means: the OpenSSL solution will not work 
> for you.
> You would have to wait until MS provides a patch (some Windows guy should 
> correct me on this if I'm mistaken).

You are mistaken. BIO & NIO use JSSE from the JDK. APR/native does use
OpenSSL.

> Meanwhile you should investigate if you can fix it by cleverly choosing the 
> Tomcat Connector; maybe some Windows-Tomcat expert jumps on it :)

See my other reply on this thread for details.

Mark
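
The connector-to-library mapping from the reply above (BIO and NIO use JSSE, APR/native uses OpenSSL), applied to a server.xml to show which TLS library each HTTPS connector depends on. This is an added example, not part of the original message or of Tomcat; it assumes Tomcat 6-style `protocol` and `SSLEnabled` attributes, and the sample configuration and the `apr_loaded` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard connector class names (assumption: Tomcat 6-style server.xml).
PROVIDERS = {
    "org.apache.coyote.http11.Http11Protocol": ("BIO", "JSSE"),
    "org.apache.coyote.http11.Http11NioProtocol": ("NIO", "JSSE"),
    "org.apache.coyote.http11.Http11AprProtocol": ("APR/native", "OpenSSL"),
}

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               protocol="org.apache.coyote.http11.Http11AprProtocol"/>
    <Connector port="7443" SSLEnabled="true" scheme="https" secure="true"
               protocol="HTTP/1.1"/>
  </Service>
</Server>
"""

def tls_providers(server_xml, apr_loaded=False):
    """Return [(port, connector type, TLS library)] for TLS-enabled connectors.

    apr_loaded: whether the APR/native library is available to Tomcat; the
    generic protocol value "HTTP/1.1" selects APR when it is, BIO otherwise.
    """
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no TLS library involved
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol == "HTTP/1.1":
            kind, lib = ("APR/native", "OpenSSL") if apr_loaded else ("BIO", "JSSE")
        else:
            # Unrecognised class names are reported, not guessed at.
            kind, lib = PROVIDERS.get(protocol, ("unknown", "unknown"))
        results.append((int(conn.get("port")), kind, lib))
    return results

if __name__ == "__main__":
    for port, kind, lib in tls_providers(SAMPLE_SERVER_XML):
        print(f"port {port}: {kind} connector, TLS from {lib}")
```

A connector reported as JSSE is fixed by updating the JDK, and one reported as OpenSSL by updating the OpenSSL build behind the native library; the operating system is not the deciding factor.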


