This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes SSL Encryption Type Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "SSL Encryption Type" Watch "SSL Encryption Type" New topic
Author

SSL Encryption Type

A Farroll
Greenhorn

Joined: Oct 26, 2012
Posts: 23
Hi all,

A Java Servlet I maintain uses SSL encryption. I THINK it uses JSSE SSL by Oracle and after the HeartBleed Bug announcement I don't want to be using OpenSSL. Can someone tell me how I can be sure this is the case please?

So far I have found nothing on Google.

Thanks in advance

AJF
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

What OS are you running ? What application server ?
A Farroll
Greenhorn

Joined: Oct 26, 2012
Posts: 23
OS on Live server is Windows Server 2008 R2 Standard. The Servlet is running on Tomcat V7.0.
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

Open a command prompt in your Windows 2008 server and run this command :



Then post the output here.
A Farroll
Greenhorn

Joined: Oct 26, 2012
Posts: 23
C:\>openssl version -a
'openssl' is not recognized as an internal or external command, operable program or batch file.

I take it then openSSL is not used and then nothing to worry about??
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 426

Windows binaries are provided by Apache for Tomcat for tcnative-1, which is a statically compiled .dll which includes OpenSSL and APR.

It can be downloaded from here as 32bit or AMD x86-64 binaries. In security conscious production environments, it is recommended to use separate shared dlls for OpenSSL, APR, and libtcnative-1, and update them as needed according to security bulletins.

Windows OpenSSL binaries are linked from the Official OpenSSL website (see related/binaries).



Your OS doesn't have openssl installed, but Tomcat does.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: SSL Encryption Type
 
Similar Threads
Help required to solve two drag and drop questions
JSP & SSL
which framework to use (JAAS, JCE, JSSE)
String Encryption in javascript and Decryption in java
Encrypted Password for Oracle JDBC