aspose file tools*
The moose likes Security and the fly likes SSL Encryption Type Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "SSL Encryption Type" Watch "SSL Encryption Type" New topic
Author

SSL Encryption Type

A Farroll
Greenhorn

Joined: Oct 26, 2012
Posts: 26
Hi all,

A Java Servlet I maintain uses SSL encryption. I THINK it uses JSSE SSL by Oracle and after the HeartBleed Bug announcement I don't want to be using OpenSSL. Can someone tell me how I can be sure this is the case please?

So far I have found nothing on Google.

Thanks in advance

AJF
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

What OS are you running ? What application server ?
A Farroll
Greenhorn

Joined: Oct 26, 2012
Posts: 26
OS on Live server is Windows Server 2008 R2 Standard. The Servlet is running on Tomcat V7.0.
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

Open a command prompt in your Windows 2008 server and run this command :



Then post the output here.
A Farroll
Greenhorn

Joined: Oct 26, 2012
Posts: 26
C:\>openssl version -a
'openssl' is not recognized as an internal or external command, operable program or batch file.

I take it then openSSL is not used and then nothing to worry about??
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

Windows binaries are provided by Apache for Tomcat for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR.

It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.

Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).



Your OS doesn't have openssl installed, but Tomcat does.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SSL Encryption Type