06-10-2014 08:04 AM - edited 03-11-2019 09:18 PM
Our PCI scan found the following bug "Patch OpenSSL to 0.9.8j or later"
We have an ASA 5510 running 8.2(2) with the following ssl: ssl encryption rc4-sha1 aes128-sha1 aes256-sha1
Reviewing the 8.2x OpenSSL notes in the releases documentation it specifices it is using 0.9.8 but not which version.
Can someone recommend which version to upgrade to?
06-10-2014 09:25 AM
Cisco is still evaluating this and hasn't released fixed code yet:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
-- Jim Leinweber, WI State Lab of Hygiene
06-10-2014 10:09 AM
Our vulnerability states "Netscape/OpenSSL Cipher Forcing Bug" I don't see that listed.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: