http://www.openssl.org/news/secadv_20140407.txt
Hi Tomcat Devs, I have been on the dev list for a few years, and a tomcat developer longer than that. While I haven't contributed yet, I was curious if this cve needs a contribution. As far as I can tell, if you recompile your native libs with the unaffected version of SSL, you will not be vulnerable to this CVE. Is that assumption correct or does there need to be a change to tcnative? -- With Regards, Andrew Carr e. andrewlanec...@gmail.com w. andrew.c...@openlogic.com h. 4235255668 c. 4239489852 a. 101 Francis Drive, Greeneville, TN, 37743