06-10-2014 08:04 AM - edited 03-11-2019 09:18 PM
Our PCI scan found the following bug "Patch OpenSSL to 0.9.8j or later"
We have an ASA 5510 running 8.2(2) with the following ssl: ssl encryption rc4-sha1 aes128-sha1 aes256-sha1
Reviewing the 8.2x OpenSSL notes in the releases documentation it specifices it is using 0.9.8 but not which version.
Can someone recommend which version to upgrade to?
06-10-2014 09:25 AM
Cisco is still evaluating this and hasn't released fixed code yet:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
-- Jim Leinweber, WI State Lab of Hygiene
06-10-2014 10:09 AM
Our vulnerability states "Netscape/OpenSSL Cipher Forcing Bug" I don't see that listed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide