thanks, yes - i just thought to do that before i read your reply. the test says my server is not vulnerable to the attack - so the bugfixes appear to have been integrated into the latest fedora version of openssl, even though running the openssl version command does not show this to be the case.
so i just put up with the regular error log entries for inflate? mex Wrote: ------------------------------------------------------- > hi tunist, > > if you want to test your server for CCS-vuln you might use > https://www.ssllabs.com/ssltest/ > > or the testscript from https://testssl.sh/ > when you prefer to test locally. > > > > > > though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11 > Feb > > 2013 not sure why..!? > > distros backport patched but usually dont ship new versions, > thus dont update version-numbers; same here, although > this system is fully patched > > $ openssl version > OpenSSL 1.0.1e 11 Feb 2013 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254144,254149#msg-254149 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
