Check the "Open source used in Cisco ASA..." docs on their site
Here is the one for 9.4.1
The latest suggested release is 9.4.4, at the very least you want 9.4(4)5 (has fix for CSCvd78303)
this is the below report we have got for pen test
OpenSSL was outdated. A suitably placed attacker may be able to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material has been exchanged, which causes predictable keys to be used for future communications. SSL-Session: Protocol
Update the OpenSSL encryption library to the latest available version. Tools such as NMAP (using the script ‘-p- --script=ssl-ccs-injection’) may be used to verify this issue.
what procedure should i follow to comply with this issue