Back in January, I was able to get ASSP on my Windows machine to report
OpenSSL 1.0.2c by removing Net::SSLeay and reinstalling it using
ActiveState's ppm.

Overnight, OpenSSL released 1.0.2g which plugs the DROWN vulnerability.

In previous discussions, I've been told that Net::SSLeay installs its own
ssleay.dll.  I believe this is the file that I see in
perl/site/lib/auto/net/ssleay.

Now that 1.0.2g is out, do I need to wait for a new version of Net::SSLeay
to be published, is that recommended, or is there an alternative?

Shining Light's OpenSSL distribution
(https://slproweb.com/products/Win32OpenSSL.html) installs an SSLeay*32*.dll
into its installation folder, but that's 1/10 the size of the ssleay.dll -
and I've been told previously that Net::SSLeay is independent from the
Windows binary installation.

Further confusing me is that ActiveState's ppm says that v1.72 of
Net::SSLeay uses 1.0.2a, but I have 1.0.2c being reported by ASSP in info
stats and in the log at startup.

Insight would be appreciated.
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test