RE: SSL update.. still giving me a Vulnerable status
- To: <firstname.lastname@example.org>
- Subject: RE: SSL update.. still giving me a Vulnerable status
- From: "Steven" <email@example.com>
- Date: Wed, 18 Sep 2002 03:11:16 -0700
- Message-id: <003601c25efb$ba0a88d0$3802a8c0@phxcrackrock>
- In-reply-to: <firstname.lastname@example.org>
If you are talking about the "443" number after the IP, that is the port
number. Https runs on port 443.
"exitus acta probat"
"fide, sed cui vide"
From: Jeroen de Leeuw den Bouter [mailto:email@example.com]
Sent: Tuesday, September 17, 2002 11:26 PM
Subject: Re: SSL update.. still giving me a Vulnerable status
> > > After updating libssl09 to the latest stable (0.9.4-6.woody.2)
> > > And running the openssl-sslv2-master script from
> > > (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php)
> > The test program is being stupid and just looking at the version
> > It sees 0.9.4 and thinks you're vulnerable. You aren't.
> No, it checks a large and a small overflow. Jeroen, have you restarted
> the httpd? If not, it is still running with the old library.
I shut the whole apache down (both http and http-ssl).
> On my Woody machine, after I restarted httpd, I get
> 188.8.131.52 443 PATCHED: detects small overflow, but crashes (0.9.6e)
184.108.40.206 443 VULNERABLE: does not detect small overflow
I don't get that number behind it btw...
Thanks for all the support...
Jeroen de Leeuw den Bouter
the world downunder..... still on top of it...