On Jun 11, 2012, at 6:01 PM, Tony Miller wrote:
> I'm having a PCI compliance issue regarding apache 2.2.22 and mod_ssl 2.8.31.
> My security vendor says there is an issue with mod_ssl 2.2.22, which is the
> current installed version.

You probably need more information from your security vendor (maybe a CVE id?). I didn't see anything with a quick look at http://httpd.apache.org/security/vulnerabilities_22.html

> I've run the port upgrade outdated recently and retested, but it didn't
> change the mod_ssl version.

mod_ssl comes with apache2; apache 2.2.22 is the latest current version of apache 2.2.x (MacPorts will eventually be moving to apache 2.4.x).

> I've downloaded the source from
> http://www.modssl.org/source/mod_ssl-2.8.31-1.3.41.tar.gz, but am not that
> comfortable installing outside MacPorts yet.

That's for Apache 1.3.41, so it's not useful to you anyway...

> This machine is in production so I can't experiment on it. I'm not that
> brave/stupid at this point.

You should have a non-production machine that you can test/experiment with :)

> I don't see any tickets on this so thought I'd start here first.

Depending on what your security vendor says is the problem, you may be able to just change some apache/mod_ssl configuration parameters to pass the audit.

This tester may help you identify any issues if your security vendor doesn't have information for you: https://www.ssllabs.com/ssltest/index.html

They have a 'best practices' guide available as well: https://www.ssllabs.com/projects/best-practices/index.html

None of this is macports-specific, though :)

--
Daniel J. Luke
+========================================================+
| *---------------- [email protected] ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
|   Opinions expressed are mine and do not necessarily   |
|          reflect the opinions of my employer.          |
+========================================================+
