Retired: This application is now retired.

OpenSSL CCS Injection Detector (RETIRED)

This tool checks whether the version of OpenSSL used by services running on a RHEL system is patched for the OpenSSL CCS Injection vulnerability (CVE-2014-0224).

Can this app produce false positives?

Yes. OpenSSL server versions before 1.0.1 may fail the vulnerability test even though they cannot be exploited (clients before 1.0.1 are still vulnerable, but this tool does not scan clients). This application checks that the patch for CVE-2014-0224 was properly applied, regardless of whether the OpenSSL library was vulnerable in the first place.