I've been tasked with updating an old system running node.js, handing SSL hand shakes. I was able to update the node binary (custom install), but I don't feel as though the CVE-2014-0224 (CCS Injection) vulnerability is actually fixed. The testing tool Breacher used to show we failed (reason for the update) but after updating, it doesn't show a response at all. Another tool (nmap script I believe) shows that node is disconnecting the session immediately when trying to test. Is this the correct behavior? Will this fix the hole and allow our site to pass the SSLLabs scan and give us something other than an F?
-- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/f8c2bf5b-f6c6-4427-a6c2-f3e22baeb813%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
