We're using 1.8.0_60 on our production machines, and 1.8.0_112 on our test server. However the vulnerability shows up on both machines. So I'm wondering if it's a JRE issue or somehow in the Wowza application/components.
Edit: Just wondering which JRE is used in release 4.6.0?
This doesn't however show which OpenSSL library is used and where this library is loaded from, so it's not helpful in finding the culprit in the vulnerability chain here.
Our OS & Java version are up-to-date on a test server, but this machine still shows the alert (CVE-2014-0224 - OpenSSL Out of Order Change Cipher Spec MiTM Vulnerability), so this would indicate that Wowza somehow includes an OpenSSL binary?