3

Does the Jetty Servlet container use OpenSSL, and is it vulnerable to the Heartbleed bug? I think it should not be impacted as it is supposed to use its own implementation of SSL but I don't know enough of what's going on under the hood to be sure.

Michael Petrotta
  • 59,888
  • 27
  • 145
  • 179
Usman Ismail
  • 17,999
  • 14
  • 83
  • 165

1 Answers1

2

From older Jetty docs:

This is an overview of how to configure SSL for Jetty, which uses Sun's reference implementation for the Java Secure Sockets Extension (JSSE).

I would imagine this still holds, though depending on your use case you may want to wait for a more authoritative answer (or ping Jetty devs directly).

EDIT: bumping this up from the comments below. This question has been answered on the jetty-users list:

http://dev.eclipse.org/mhonarc/lists/jetty-users/msg04624.html

candu
  • 2,827
  • 23
  • 18
  • 1
    Someone beat me to it, The mailing list confirms that Jetty is not impacted by the OpenSSL bug. http://dev.eclipse.org/mhonarc/lists/jetty-users/msg04624.html – Usman Ismail Apr 15 '14 at 20:22