thanks, yes - i just thought to do that before i read your reply. the test
says my server is not vulnerable to the attack - so the bugfixes appear to
have been integrated into the latest fedora version of openssl, even though
running the openssl version command does not show this to be the case.
s
hi tunist,
if you want to test your server for CCS-vuln you might use
https://www.ssllabs.com/ssltest/
or the testscript from https://testssl.sh/
when you prefer to test locally.
>
> though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11 Feb
> 2013 not sure why..!?
distros backpor
fedora 20 - latest version of openssl = 1:openssl-1.0.1e-40.fc20.x86_64
though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11 Feb 2013
not sure why..!?
mex Wrote:
---
> CCS-scan probably, see
> https://www.mare-system.de/guide-to-n
CCS-scan probably, see
https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#ccs-early-changecipherspec-attack)
what openssl-version do you use?
cheers,
mex
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254144,254146#msg-254146
___
oh, and another:
*188425 SSL_do_handshake() failed (SSL: error:14094085:SSL
routines:SSL3_READ_BYTES:ccs received early) while SSL handshaking, client:
xx.xx.xx.xx.xx, server: 0.0.0.0:443
is this maybe a result of hackers attempting to break into the server?
Posted at Nginx Forum:
http://forum.
i just noticed several entries in the main nginx log here that are:
[error] 28042#0: *12244 inflate() failed: -5 while processing SPDY, client:
xx.xx.xx.xx, server: 0.0.0.0:443
anyone know what this is caused by? i haven't found anything in the search
engines that relate yet
Posted at Nginx Foru
