Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

cisco asa 5510 Patch OpenSSL to 0.9.8j or later

Our PCI scan found the following bug "Patch OpenSSL to 0.9.8j or later"

We have an ASA 5510 running 8.2(2) with the following ssl: ssl encryption rc4-sha1 aes128-sha1 aes256-sha1

Reviewing the 8.2x OpenSSL notes in the releases documentation it specifices it is using 0.9.8 but not which version.

Can someone recommend which version to upgrade to?

Everyone's tags (2)
2 REPLIES

Cisco is still evaluating

Cisco is still evaluating this and hasn't released fixed code yet:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl

-- Jim Leinweber, WI State Lab of Hygiene

 

New Member

Our vulnerability states

Our vulnerability states "Netscape/OpenSSL Cipher Forcing Bug" I don't see that listed.
 

215
Views
0
Helpful
2
Replies