Hello, > The quick version: How can I disable or prevent OpenSSL headers > from being viewable to outside traffic (similiar to when you disable > Apache from allowing its header and version information from being > viewable to the outside world)? OpenSSL is realizing SSL3/TLS1 protocol and there is no place to put any "upper library" version information. Of course attacker may use some specific behaviour of SSL layer to guess what version you have but you have no control on that. In general in SSL protocol there is no place for for example "OpenSSL x.y.z" string.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]