Script fake-client-early-ccs.pl is returning the system is affected even after upgrading the openSSL packages affected by CVE-2014-0224
Issue
- The script
fake-client-early-ccs.pl
provided (https://access.redhat.com/labs/ccsinjectiontest/)[https://access.redhat.com/labs/ccsinjectiontest/] is returning the system is still affected even after upgrading the openssl package affected by (CVE-2014-0224)[CVE-2014-0224].
port 383:
Got server response, size: 2367
- Handshake - Server Hello
- Handshake - Certificate
- Handshake - unknown (13)
FAIL Remote host is affected
port 2381:
Got server response, size: 1657
- Handshake - Server Hello
- Handshake - Certificate
- Handshake - Server Key Exhange
- Handshake - Server Hello Done
FAIL Remote host is affected
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.