https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717223#M731661 Before version 9.08p is released by HP for distribution, the recommended fix is:<BR /><BR />1. Confirm that internal session caching is disabled or<BR />2. the implementation is not multi-threaded.<BR /><BR />Can someone please tell me how perform step 1 and verify step 2.<BR /><BR />Regards,<BR />Steve Hinchman Tue, 23 Nov 2010 20:44:06 GMT Steve Hinchman 2010-11-23T20:44:06Z https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717223#M731661 Before version 9.08p is released by HP for distribution, the recommended fix is:<BR /><BR />1. Confirm that internal session caching is disabled or<BR />2. the implementation is not multi-threaded.<BR /><BR />Can someone please tell me how perform step 1 and verify step 2.<BR /><BR />Regards,<BR />Steve Hinchman Tue, 23 Nov 2010 20:44:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717223#M731661 Steve Hinchman 2010-11-23T20:44:06Z https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717224#M731662 Hi,<BR /><BR />Generally you can enables/disables session caching by setting the mode in â SSL_CTX_set_session_cache_mode (SSL_CTX ctx, long mode)â function.<BR /><BR />Mode "SSL_SESS_CACHE_OFF" means, no session caching for client or server takes place.<BR /><BR />The default mode is SSL_SESS_CACHE_SERVER, means it is enabled by default.<BR /><BR />You can find more information in the below link...<BR /><BR /><A href="http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html" target="_blank">http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html</A><BR /><BR />Thanks &amp; Regards,<BR />Vasu Wed, 24 Nov 2010 04:46:15 GMT https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717224#M731662 vaasusworld 2010-11-24T04:46:15Z https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717225#M731663 Hi,<BR /><BR />OpenSSL can also be used in multi-threaded applications.<BR /><BR />Regards,<BR />Vasu Wed, 24 Nov 2010 06:01:46 GMT https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717225#M731663 vaasusworld 2010-11-24T06:01:46Z https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717226#M731664 Vasu,<BR /><BR />Thanks for the replies.<BR /><BR />So, if I understand correctly, both issues are dependent upon the application calling/using OpenSSL's TSL, correct?<BR /><BR />For example, does Tomcat need to be configured to enable/disable internal session caching? Or is it set by application using Tomcat?<BR /><BR />Regards,<BR />Steve <BR /> Wed, 24 Nov 2010 15:41:30 GMT https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717226#M731664 Steve Hinchman 2010-11-24T15:41:30Z https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717227#M731665 &gt;&gt; So, if I understand correctly, both issues are dependent upon the application calling/using OpenSSL's TSL, correct?<BR /><BR />The answer is YES.<BR /><BR />Regards,<BR />Vasu Sun, 28 Nov 2010 07:18:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/openssl-cve-2010-3864/m-p/4717227#M731665 vaasusworld 2010-11-28T07:18:21Z