Menu
▾
▴
Re: [Ejbca-develop] [EJBCA]EJBCA and openSSL
|
From: Lembitu L. <lem...@cb...> - 2014-04-09 12:18:01
|
Hi, being relatively new here i just want to add that although EJBCA nor JBoss are affected, many setups use Apache or Nginx as proxy in front of JBoss/EJBCA as many of the the setup guides suggest. Those setups need to be checked for vulnerable openssl versions. Wbr, Lembitu Ling On 09 Apr 2014, at 14:36, Tomas Gustavsson <to...@pr...> wrote: > > No there is no impact in EJBCA per se. EJBCA does not use, or link with, > OpenSSL in any way. JBoss, as EJBCA is running on does not either, by > default, use OpenSSL. > > If you have custom components or linkage in your environment, outside if > EJBCA control, you need to be in control of that yourself of course. > > Cheers, > Tomas > ********** > PrimeKey Solutions AB > Anderstorpsvägen 16, 171 54 Solna, Sweden > Mob: +46 (0)707421096 > Internet: www.primekey.se > Twitter: twitter.com/primetomas > ********** > > On 2014-04-09 12:56, Brahim zaki wrote: >> >> Hi Tomas, >> Is there any impact in EJBCA linked to the openSSL bug : >> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 >> >> is EJBCA use openSSL as an embedded lib??? >> Thanks. >> ZAKI. > > ------------------------------------------------------------------------------ > Put Bad Developers to Shame > Dominate Development with Jenkins Continuous Integration > Continuously Automate Build, Test & Deployment > Start a new project now. Try Jenkins in the cloud. > http://p.sf.net/sfu/13600_Cloudbees > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
