Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SSL Encryption Type

 
A Farroll
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

A Java Servlet I maintain uses SSL encryption. I THINK it uses JSSE SSL by Oracle and after the HeartBleed Bug announcement I don't want to be using OpenSSL. Can someone tell me how I can be sure this is the case please?

So far I have found nothing on Google.

Thanks in advance

AJF
 
Roger Sterling
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What OS are you running ? What application server ?
 
A Farroll
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
OS on Live server is Windows Server 2008 R2 Standard. The Servlet is running on Tomcat V7.0.
 
Roger Sterling
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Open a command prompt in your Windows 2008 server and run this command :



Then post the output here.
 
A Farroll
Ranch Hand
Posts: 43
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
C:\>openssl version -a
'openssl' is not recognized as an internal or external command, operable program or batch file.

I take it then openSSL is not used and then nothing to worry about??
 
Roger Sterling
Ranch Hand
Posts: 426
Eclipse IDE Fedora Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Windows binaries are provided by Apache for Tomcat for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR.

It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.

Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).



Your OS doesn't have openssl installed, but Tomcat does.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic