I'd say try that in a lab then see what happens & sell the fix back to the vendor.

On Mon, Dec 21, 2009 at 5:09 AM, Monkey Daemon <[email protected]> wrote:

> Hi All,
>
> I've been speaking to a family member over the weekend who works in a
> similar line of work to myself and we got to talking about PCI
> Compliance.
>
> He's just had a quarterly scan performed and he failed it owing to the
> issues with Session Negotiation when using SSL/TLS. The problem he
> has is that he's running Linux and not only has his distro not
> released packages for OpenSSL 0.9.8l but the distro vendor is refusing
> to issue a patch stating that as it's an issue with the underlying
> protocol there is no point.
>
> Does anyone have a fix to this other than "compile your own SSL with
> negotiation switched off and hope nothing breaks"?
>
> I'm now concerned that when our scan comes around early next year we
> will also fail.
>
> Cheers,
>
> MWD.
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Tim Krabec
Kracomp
772-597-2349
smbminute.com
kracomp.blogspot.com
www.kracomp.com
