Jochen Spieker <m...@well-adjusted.de> wrote: >>> Am I doing anything wrong? Is the testing tool broken? I also tried the >>> one at https://gist.github.com/takeshixx/10107280 which confirms there >>> is still a problem on port 443 (HTTPS served by Apache). >> >> That test tool was updated a few hours ago to include checks for >> patches. You may find you now get "Version number indicates vulnerable, >> but your build is recent so may be patched."
> I have the most recent version and it still reports my system to be > vulnerable. Are you sure you restarted the right system? (Just asking, had the same problem today, was looking at a totally different system than the one I thought I was looking at.) Maybe apache is using a different libssl than the one from the system. What does "ldd /usr/lib/apache2/modules/mod_ssl.so" say? Or maybe there is some kind of cache in front of your webserver. Grüße, Sven -- Sigmentation fault. Core dumped. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/2aj41372l...@mids.svenhartge.de