Basically, I am left to conclude that (1) the latest update on Fedora/Centos does not patch CCS Injection vulnerability or (2) the test is wrong--correction, both Tripwire and Qualys tests are wrong or (3) between a Fedora and two Centos machines, one of which is really just a test machine, all are out of wack or (4) something else is weird. Anyone else ran Qualys test on their "patched" Centos server? https://www.ssllabs.com/ssltest/analyze.html?d=YOUR_DOMAIN_NAME&hideResults=... Anyone else tried Tripwire on their "patched" Centos server? https://raw.githubusercontent.com/Tripwire/OpenSSL-CCS-Inject-Test/master/OS... I would love to see if anyone else is getting the same warnings. Thanks... On 06/21/2014 03:09 PM, Tora Tora Tora wrote:
And now I have tried a reboot. No change. Weird ...