Concerned about the use of OpenSSL with Web Viewer. Is it vulnerable? How to avoid using OpenSSL?
Release : 12.1
Web Viewer
OpenSSL
OpenSSL is vulnerable
To disable OpenSSL with Tomcat add this line to your connector port as shown (it's the one with the comment 12/20/2020):
<!-- WebViewer 12 connector added 12/30/2020 -->
<Connector protocol="org.apache.coyote.http11.Http11Nio2Protocol"
port="443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="D:\tomcatnew.jks" keystorePass="tomcat" keyAlias="tomcat"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />
and recycle Tomcat.