Dear all, Cesareo, you are right. For CVE-2014-0224, an upgrade of openssl + restart of naviserver is sufficient. There is no need to upgrade naviserver or nsssl.
-gustaf neumann Am 20.06.14 23:45, schrieb Cesáreo García Rodicio: > Hi! > > I had an F in Qualys SSL Labs due to the most recent openssl bug > (SSL/TLS MITM vulnerability (CVE-2014-0224): > https://www.openssl.org/news/secadv_20140605.txt). > > So, > - I've upgrade openssl (in my box via debian apt-get update and > apt-get upgrade). Now with OpenSSL 1.0.1e 11 Feb 2013 > - I've upgrade naviserver (to TIP version). I think nssl module was > not updated. > > And it worked, now I get A+. > > I think that it wasn't a naviserver issue but I post it here just to > keep informed our community. > > Thanks > Cesareo > ------------------------------------------------------------------------------ HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions Find What Matters Most in Your Big Data with HPCC Systems Open Source. Fast. Scalable. Simple. Ideal for Dirty Data. Leverages Graph Analysis for Fast Processing & Easy Data Exploration http://p.sf.net/sfu/hpccsystems _______________________________________________ naviserver-devel mailing list naviserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/naviserver-devel
