Is the TCN portion of BZ 56027 address completely or partially with this release? I see the exposure of the FIPS_mode setting, but it looks like the temporary 512 bit RSA key is still being done in the SSL_TMP_KEYS_INIT macro (line 77). When I hacked my workaround eariier this year I had to make sure I didn't call FIPS_mode_set if it was already set and disable the 512 bit key to get TCN to spin up correctly.
-Rob ________________________________________ From: Mladen Turk [mt...@apache.org] Sent: Thursday, April 10, 2014 9:01 AM To: dev@tomcat.apache.org Subject: Re: [VOTE] Release Apache Tomcat Native 1.1.30 On 04/10/2014 02:56 PM, Ognjen Blagojevic wrote: > > Tested with Tomcat 8.0.5, Oracle Java 1.7.0_51 on Windows 7 64-bit. > > - Filippo.io [1] reports it is not vulnerable to Heartbleed bug. > > - SSLLabs [2] reports it is not vulnerable to Heartbleed bug. > > - SSLLabs reports that Forward secrecy is enabled when proper cipher suites > (including EECDH/ECDHE) are enabled. > > - Smoke tests of APR, with and without TLS, all passed. > Cool. Thanks -- ^TM --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
