Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-dev] Servlet response times

Brad,

Back in the days of Jetty 6.x there were a host of SSL exploits and downright silly stupid bugs in the Java VMs related to it.

Using Java 1.6 pre update 30 opens you up to a host of SSL bugs.
Using Java 1.7 pre update 15 also has similar bugs + others around the TLS layer.

In short, if you are using SSL, make sure your JVM is current.
If you don't use SSL, then no worries, you are safe.


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Developer advice, services and support
from the Jetty & CometD experts


On Thu, May 30, 2013 at 2:06 PM, Brad McEvoy <brad@xxxxxxxxxxxxxxxxxxxx> wrote:
On 31/05/13 09:04, Joakim Erdfelt wrote:
Sure hope you are not running with SSL and have a Java VM released in the past 6 months.
Hey, i know this is off-topic, but i hadnt heard of that issue. can you give a pointer?

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-dev


Back to the top