Script fake-client-early-ccs.pl is returning the system is affected even after upgrading the openSSL packages affected by CVE-2014-0224

Solution Unverified - Updated -

Issue

  • The script fake-client-early-ccs.pl provided (https://access.redhat.com/labs/ccsinjectiontest/)[https://access.redhat.com/labs/ccsinjectiontest/] is returning the system is still affected even after upgrading the openssl package affected by (CVE-2014-0224)[CVE-2014-0224].
    port 383:
    Got server response, size: 2367
    - Handshake - Server Hello
    - Handshake - Certificate
    - Handshake - unknown (13)
    FAIL Remote host is affected

    port 2381:
    Got server response, size: 1657
    - Handshake - Server Hello
    - Handshake - Certificate
    - Handshake - Server Key Exhange
    - Handshake - Server Hello Done
    FAIL Remote host is affected

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In