On CentOS 7.2.1511 running postfix postfix-2.10.1-6.el7.x86_64 and OpenSSL openssl-1.0.1e-51.el7_2.5.x86_64.
Heartbleed, CCS and Secure Client-Initiated Renegotiation are reported as VULNERABLE even though the official CentOS/RHEL advisory is that this is fixed in the packages listed above.
Is this a problem with the script, or did CentOS/RH not patch vulns from 2014?
--> Testing vulnerabilities
Heartbleed (CVE-2014-0160) VULNERABLE (NOT ok)
CCS (CVE-2014-0224) VULNERABLE (NOT ok)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
CRIME, TLS (CVE-2012-4929) not vulnerable (OK) (not using HTTP anyway)
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507), experim. Downgrade attack prevention supported (OK)
FREAK (CVE-2015-0204) not vulnerable (OK) (tested with 4/9 ciphers)
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK) (tested w/ 2/4 ciphers only!), common primes not checked.
BEAST (CVE-2011-3389) no SSL3 or TLS1
RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Thanks!