On Mon, Apr 30, 2012 at 12:45 PM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Sun, Apr 29, 2012, Mike Hoy wrote:
>
>> We use McAfee to scan our website for vulnerabilities. They claim the
>> following:
>>
>> > Configure SSL/TLS servers to only use TLS 1.1 or TLS 1.2 if supported.
>> > Configure SSL/TLS servers to only support cipher suites that do not use
>> > block ciphers. Apply patches if available.
>>
>> I ran #openssl version and it says we are using OpenSSL 0.9.8e-fips-rhel5
>> 01 Jul 2008.
>>
>> Do we need to upgrade our OpenSSL to upgrade our TLS/SSL server? Sorry if
>> the question is way off-base but I am not a system administrator normally.
>> This is new to me. We use CentOS and #yum install openssl claims it is
>> already at the highest version. Any suggestions appreciated.
>>
>
> FYI: this is most likely the BEAST attack it is referring to.

BEAST only applies to CBC...

>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
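
The CBC point made in this thread, as an added example that is not part of the original messages: a check that flags negotiated (protocol, cipher) pairs meeting BEAST's preconditions. The function names, the name-based classification heuristic and the sample sessions are assumptions made for illustration; protocol strings follow the form OpenSSL reports (`SSLv3`, `TLSv1`, `TLSv1.1`, ...).

```python
# Added example: flag (protocol, cipher) pairs that meet BEAST's preconditions,
# i.e. a CBC-mode suite negotiated under SSL 3.0 or TLS 1.0.
BEAST_PROTOCOLS = {"SSLv3", "TLSv1"}  # TLS 1.1+ uses explicit per-record IVs
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")

def cipher_mode(name):
    """Return 'stream', 'null', 'aead' or 'cbc' for an OpenSSL suite name.

    Assumption: among the standard SSL 3.0 to TLS 1.2 suites, anything that is
    not RC4, NULL or AEAD is a block cipher in CBC mode, even when 'CBC' is
    absent from the OpenSSL name (AES128-SHA, for instance).
    """
    upper = name.upper()
    if "RC4" in upper:
        return "stream"
    if "NULL" in upper:
        return "null"
    if any(marker in upper for marker in AEAD_MARKERS):
        return "aead"
    return "cbc"

def beast_exposed(protocol, cipher):
    """True when the negotiated pair matches BEAST's preconditions."""
    return protocol in BEAST_PROTOCOLS and cipher_mode(cipher) == "cbc"

def audit(pairs):
    """Map each (protocol, cipher) pair to a short finding."""
    findings = {}
    for protocol, cipher in pairs:
        if beast_exposed(protocol, cipher):
            findings[(protocol, cipher)] = "BEAST-exposed: CBC under " + protocol
        elif cipher_mode(cipher) == "stream":
            findings[(protocol, cipher)] = "not BEAST-exposed, but RC4 is prohibited by RFC 7465"
        else:
            findings[(protocol, cipher)] = "not BEAST-exposed"
    return findings

# Constructed sample of negotiated sessions (not taken from the thread).
SAMPLE = [
    ("TLSv1", "AES128-SHA"),
    ("TLSv1", "DES-CBC3-SHA"),
    ("TLSv1", "RC4-SHA"),
    ("TLSv1.1", "AES128-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
]

if __name__ == "__main__":
    for pair, finding in audit(SAMPLE).items():
        print(pair, "->", finding)
```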