> Ok, I'm a little scared now. > This is before & after installing the latest security > http/ssl patch 15787. Please tell me it doesn't use this on my RaQ3 > > # strings /usr/lib/libssl.so | grep -i openssl > > SSLv2 part of OpenSSL 0.9.3a 29 May 1999 > SSLv3 part of OpenSSL 0.9.3a 29 May 1999 > SSLv2/3 compatibility part of OpenSSL 0.9.3a 29 May 1999 > TLSv1 part of OpenSSL 0.9.3a 29 May 1999 > OpenSSL 0.9.3a 29 May 1999
Yes, I'm afraid what you see is correct. So does this mean that I am vulnerable to Slapper still? > Also: > Config file httpd: > ServerTokens ProductOnly > > HTTP HEADER: > Server: Apache/1.3.6 (Unix) PHP/4.2.3 mod_perl/1.21 > mod_ssl/2.2.8 OpenSSL/0.9.2b > > BTW I did restarted the server. How do I get ride if this > header message? Try setting ServerTokens Min in /etc/httpd/conf/httpd.conf and /etc/admserv/conf/httpd.conf instead of ProductOnly. Now i get: Server: Apache/1.3.6 Which is better, but I'd like to get ride of that version. Slapper can still use it. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
