Hi, I'm using Apache 2.2.22 for Windows 2003 with openssl 0.9.8t. A PCI scan reported a vulnerability with this version of openssl.
From what I see on Apache.org, the 2.2.23 version and 2.4.3 don't have a Windows version available. I see Apache 2.2.23 for Windows with a current version of openssl on apachelounge.com. However, I'm not sure how I can verify that the software on this site is trustworthy. What would I need to do to upgrade to openssl 1.0.1c? Thanks, - Mike.
