Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Heartbleed" page has been changed by OgnjenBlagojevic: https://wiki.apache.org/tomcat/Security/Heartbleed?action=diff&rev1=7&rev2=8 Comment: Online tools == Am I Vulnerable? == If you are running any server that uses OpenSSL version 1.0.1 with any patch level before āgā you may be vulnerable. Unless you happened to install OpenSSL 1.0.1 for the *first* time after 2014-04-08 or so, you are almost certainly vulnerable. If you are running an ASF-provided tcnative binary version 1.1.24-1.1.29, then you are vulnerable, as tcnative ships with a statically-linked OpenSSL version which is vulnerable. If you are running OpenSSL 0.9.8 or 1.0.0, then you are not vulnerable to this particular vulnerability. If you are using Tomcat with any Java connector (BIO or NIO), then you are not vulnerable to this particular vulnerability. + + You may also check if you are vulnerable using online tools: + + 1. [[http://filippo.io/Heartbleed/]] + 1. [[https://www.ssllabs.com/ssltest/]] == How do I fix my servers? == --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
