Basically, I am left to conclude that (1) the latest update on Fedora/Centos does not patch CCS Injection vulnerability or (2) the test is wrong--correction, both Tripwire and Qualys tests are wrong or (3) between a Fedora and two Centos machines, one of which is really just a test machine, all are out of wack or (4) something else is weird.
Anyone else ran Qualys test on their "patched" Centos server?
https://www.ssllabs.com/ssltest/analyze.html?d=YOUR_DOMAIN_NAME&hideResu...
Anyone else tried Tripwire on their "patched" Centos server?
https://raw.githubusercontent.com/Tripwire/OpenSSL-CCS-Inject-Test/master/OS...
I would love to see if anyone else is getting the same warnings.
Thanks...
On 06/21/2014 03:09 PM, Tora Tora Tora wrote:
And now I have tried a reboot. No change. Weird ...