- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: OpenSSL CVE-2010-3864
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2010 12:44 PM
тАО11-23-2010 12:44 PM
1. Confirm that internal session caching is disabled or
2. the implementation is not multi-threaded.
Can someone please tell me how perform step 1 and verify step 2.
Regards,
Steve Hinchman
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2010 08:46 PM
тАО11-23-2010 08:46 PM
SolutionGenerally you can enables/disables session caching by setting the mode in ├в SSL_CTX_set_session_cache_mode (SSL_CTX ctx, long mode)├в function.
Mode "SSL_SESS_CACHE_OFF" means, no session caching for client or server takes place.
The default mode is SSL_SESS_CACHE_SERVER, means it is enabled by default.
You can find more information in the below link...
http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html
Thanks & Regards,
Vasu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2010 10:01 PM
тАО11-23-2010 10:01 PM
Re: OpenSSL CVE-2010-3864
OpenSSL can also be used in multi-threaded applications.
Regards,
Vasu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-24-2010 07:41 AM
тАО11-24-2010 07:41 AM
Re: OpenSSL CVE-2010-3864
Thanks for the replies.
So, if I understand correctly, both issues are dependent upon the application calling/using OpenSSL's TSL, correct?
For example, does Tomcat need to be configured to enable/disable internal session caching? Or is it set by application using Tomcat?
Regards,
Steve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-27-2010 11:18 PM
тАО11-27-2010 11:18 PM
Re: OpenSSL CVE-2010-3864
The answer is YES.
Regards,
Vasu