Yes, both Qualys and Tripwire tests are testing a web server's HTTPS
port.
Yes, I do run mod_pagespeed on the web server. Alas, I get the same
result when I disable it and restart Apache. It is however an
interesting direction to investigate, since now I am thinking of
examining other modules as well, such as mod_ssl, etc.
Does anyone know of a test to run against OpenSSL directly to confirm
it
is patched (I do not mean checking the change log)?
Thanks...
On 06/22/2014 03:52 AM, Andreas Reich wrote:
At least the qualys online test is only testing port 443 - could it be
that you run your web-server on this port?
If you run your web-server with e.g. mod-spdy you also have to update
mod-spdy because it is built with its own openssl.
This was a problem on my server too (not fedora or Centos tough)
Regards
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays