4

I am using HTTPS and TCP over SSL in a Java application with keystores and truststores. I use self-signed certificates generated by Java keytool. I came to know about the Heartbleed vulnerability in OpenSSL. Do I need to change any implementation on the Java side, or am I on the safe side? Can anyone please give details?

jww
DoIt
  • This question appears to be off-topic because it is about software versions, administration and patching. Server Fault has quite a few questions on the topic: http://serverfault.com/questions/tagged/heartbleed. – jww Apr 09 '14 at 19:02

1 Answer

6

Java does not use OpenSSL, although some Java applications like Tomcat can. As you're using keystores and truststores, you must be using JSSE rather than OpenSSL.

user207421
  • I would add that, even if you're not using OpenSSL, this is still probably an opportune time to upgrade it on your server (but doing so is off topic for SO). – Jason Apr 09 '14 at 19:31
  • Thank you for clarifying my question. Actually, after reading a long article about Heartbleed I am a little confused. Thanks for the help. – DoIt Apr 09 '14 at 22:28
  • @Jason If you're not using it how can you upgrade it? – user207421 Apr 10 '14 at 18:56
  • @EJP, I wasn't very clear, I meant if it's already installed on your system, even if you're not using it, you should update it now. On many systems it could be installed by default. – Jason Apr 10 '14 at 19:27
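
One way to confirm which TLS implementation a JVM is actually using, added here as an example and not code from the question or the answer. The class name `TlsProviderCheck` is made up for illustration, and the lookup of `org.apache.tomcat.jni.SSL` (Tomcat's APR/native bindings) is only a hint that an OpenSSL-backed connector may be in play.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example (hypothetical class name): reports the TLS stack the JVM uses.
public class TlsProviderCheck {

    // Every registered security provider that offers an SSLContext service.
    static List<String> sslContextServices() {
        List<String> out = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SSLContext".equals(s.getType())) {
                    out.add(p.getName() + " -> " + s.getAlgorithm()
                            + " (" + s.getClassName() + ")");
                }
            }
        }
        return out;
    }

    // True if the class can be found on the classpath; it is not initialized.
    static boolean onClasspath(String className) {
        try {
            Class.forName(className, false, TlsProviderCheck.class.getClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // The default context is what HttpsURLConnection and SSLSocketFactory use.
        SSLContext ctx = SSLContext.getDefault();
        SSLEngine engine = ctx.createSSLEngine();
        // On Oracle/OpenJDK builds the provider is normally SunJSSE (pure Java).
        System.out.println("Default SSLContext provider: " + ctx.getProvider().getName());
        System.out.println("SSLEngine implementation:    " + engine.getClass().getName());
        System.out.println("Registered SSLContext services:");
        for (String line : sslContextServices()) {
            System.out.println("  " + line);
        }
        // Presence of the bindings alone does not mean the native library is loaded.
        if (onClasspath("org.apache.tomcat.jni.SSL")) {
            System.out.println("Tomcat APR/native bindings found: check the installed OpenSSL version.");
        }
    }
}
```

Run it with the same JVM and classpath as the application, since the provider list depends on that JVM's security configuration.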