On Sun, Apr 29, 2012 at 5:40 PM, Mike Hoy <mho...@gmail.com> wrote: > We use McAfee to scan our website for vulnerabilities. They claim the > following: >> >> Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported. >> Configure SSL/TLS servers to only support cipher suites that do not use >> block ciphers. Apply patches if available. > > I ran #openssl version and it says we are using OpenSSL 0.9.8e-fips-rhel5 01 > Jul 2008. > > Do we need to upgrade our OpenSSL to upgrade our TLS/SSL server? Sorry if > the question is way off-base but I am not a system administrator normally. > This is new to me. We use CentOS and #yum install openssl claims it is > already at the higest version. Any suggestions appreciated. Use a SSL/TLS scanner to verify SSL is not available; and TLS ciphers are available. Since you are using a FIPS build, MD5 and lesser friends should not be available. You can use openssl from the command line, or a tool such as http://sourceforge.net/projects/sslscan/ or http://code.google.com/p/sslyze/.
Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
