[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: SSL update.. still giving me a Vulnerable status

If you are talking about the "443" number after the IP, that is the port
number. Https runs on port 443.

HTH,
 
Steven 

"exitus acta probat"
"fide, sed cui vide"


-----Original Message-----
From: Jeroen de Leeuw den Bouter [mailto:jeroen@netventures.com.au] 
Sent: Tuesday, September 17, 2002 11:26 PM
To: debian-security@lists.debian.org
Subject: Re: SSL update.. still giving me a Vulnerable status


> > > After updating libssl09 to the latest stable (0.9.4-6.woody.2)
version.
> > > And running the openssl-sslv2-master script from
> > > (http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php)
>
> > The test program is being stupid and just looking at the version
string.
> > It sees 0.9.4 and thinks you're vulnerable.  You aren't.
>
> No, it checks a large and a small overflow. Jeroen, have you restarted
> the httpd? If not, it is still running with the old library.
I shut the whole apache down (both http and http-ssl).

> On my Woody machine, after I restarted httpd, I get
>
> 1.2.3.4 443 PATCHED: detects small overflow, but crashes (0.9.6e)
1.2.3.4 443 VULNERABLE: does not detect small overflow

I don't get that number behind it btw...

Thanks for all the support...


Jeroen  de Leeuw den Bouter
the world downunder.....  still on top of it...
Reply to: