You can use the commands below to check which protocols a particular website responds to. Recommended practice is to enable only TLS1_1 & TLS1_2 on your web/app server, as SSL3 & TLS1 are no longer considered secure due to various uncovered vulnerabilities.

openssl s_client -connect <host>:<port> -<ssl3|ssl2|tls1|tls1_1|tls1_2>
openssl s_client -connect localhost:8080 -ssl2 […]
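An added helper script, not part of the original post, that walks the same s_client version flags against one host:port and prints a verdict per protocol; it assumes openssl is in PATH, and the host and port are placeholders you supply.

```shell
#!/bin/sh
# Added example: probe which SSL/TLS versions a server will negotiate, using
# the openssl s_client version flags from the post.  Assumes openssl in PATH.

# Classify a captured s_client transcript.  Kept separate from the network
# call so it can be exercised offline on constructed output.
classify_handshake() {
    # $1 = full text of openssl s_client output (stdout and stderr)
    case "$1" in
        # the local openssl build was compiled without that protocol at all
        *"nknown option"*) echo unsupported-by-client ;;
        # no session negotiated: server refused that version
        *"Cipher is (NONE)"*|*"handshake failure"*|*"wrong version number"*) echo rejected ;;
        # a cipher was negotiated, so the server accepts that version
        *"Cipher is "*) echo accepted ;;
        *) echo rejected ;;
    esac
}

# Probe one protocol version: $1 = host, $2 = port, $3 = flag such as -tls1_2
probe_protocol() {
    out=$(openssl s_client -connect "$1:$2" "$3" </dev/null 2>&1)
    classify_handshake "$out"
}

# Print one line per protocol so disabled legacy versions are easy to confirm
tls_report() {
    host=$1; port=$2
    for flag in -ssl2 -ssl3 -tls1 -tls1_1 -tls1_2; do
        printf '%-8s %s\n' "$flag" "$(probe_protocol "$host" "$port" "$flag")"
    done
}
```

Run it as `tls_report localhost 8080`; anything other than "rejected" for -ssl2, -ssl3 or -tls1 means the server still offers a legacy version.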
In Solaris 9 and above, non-root users can open ports < 1024 after the commands below are run:

# su -
# /usr/sbin/usermod -K defaultpriv=basic,net_privaddr <userId>

This needs to be run only once, by the root user; after that the user will be able to bind to any available port with no restriction.
We have all been hearing various news about the Heartbleed bug, so let's see which of our middleware application servers are affected by it.
Here is a brief review of the bug, CVE-2014-0160:
“OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability to expose 64k of private memory and retrieve secret keys. An attacker can repeatedly expose additional 64k chunks of memory. This vulnerability can be remotely exploited, authentication is not required and the exploit is not complex. An exploit can only partially affect the confidentiality, but not integrity or availability.”
An Explanation Of Restrictions Limiting The Java Max Heap (-Xmx) To Around 1500M For 32bit JDK’s On Microsoft Windows [ID 557813.1]
Although the maximum amount of physical memory that can be addressed by a 32-bit address bus is 4Gb, this space has to include the program code and some data structures required by the operating system (such as the stack space), shared libraries and any variables they define. Such considerations limit how much of the total 4Gb address space can be assigned to the heap area of a running JVM and, in the case of Microsoft Windows, this limit is generally around 1500M (+/- about 200M).