Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification.
The "Security/Heartbleed" page has been changed by KonstantinKolinko: https://wiki.apache.org/tomcat/Security/Heartbleed?action=diff&rev1=10&rev2=11 Comment: Mention how to update Tomcat Native. This is an easy 3-step process: - 1. Update OpenSSL to a version that includes the fix. The natural version number for this is 1.0.1g, though some package maintainers have chosen to back-port their fixes to versions with a lower patch-level. Among such maintainers are Debian and probably also Debian-based distributions such as Ubuntu. tcnative 1.1.30 and later include patched versions of OpenSSL. + 1. Update OpenSSL to a version that includes the fix. The natural version number for this is 1.0.1g, though some package maintainers have chosen to back-port their fixes to versions with a lower patch-level. Among such maintainers are Debian and probably also Debian-based distributions such as Ubuntu.<<BR>><<BR>>Tomcat Native 1.1.30 and later include patched versions of OpenSSL.<<BR>><<BR>>To install updated Tomcat Native on Windows without updating Tomcat itself you have to [[http://tomcat.apache.org/download-native.cgi|download it]] and replace `tcnative-1.dll` in your installation with a new one. 1. Re-key your server. This means creating a new RSA or DSA server key, creating a new CSR for your Certificate Authority, and applying for a replacement certificate. All CAs allow for the revocation of a server certificate due to “key compromise” which is exactly the reason for the re-keying of your server. You should be able to obtain a replacement certificate at no charge, though free-certificate providers may charge a fee for revocation/replacement. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
