cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
336
Views
0
Helpful
2
Replies
Highlighted
Beginner

cisco asa 5510 Patch OpenSSL to 0.9.8j or later

Our PCI scan found the following bug "Patch OpenSSL to 0.9.8j or later"

We have an ASA 5510 running 8.2(2) with the following ssl: ssl encryption rc4-sha1 aes128-sha1 aes256-sha1

Reviewing the 8.2x OpenSSL notes in the releases documentation it specifices it is using 0.9.8 but not which version.

Can someone recommend which version to upgrade to?

Everyone's tags (2)
2 REPLIES 2
Highlighted
Enthusiast

Cisco is still evaluating

Cisco is still evaluating this and hasn't released fixed code yet:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

-- Jim Leinweber, WI State Lab of Hygiene

 

Beginner

Our vulnerability states

Our vulnerability states "Netscape/OpenSSL Cipher Forcing Bug" I don't see that listed.