> On Jan 28, 2015, at 9:14 AM, [email protected] wrote: > > I've been tasked with updating an old system running node.js, handing SSL > hand shakes. I was able to update the node binary (custom install), but I > don't feel as though the CVE-2014-0224 (CCS Injection) vulnerability is > actually fixed. The testing tool Breacher used to show we failed (reason for > the update) but after updating, it doesn't show a response at all. Another > tool (nmap script I believe) shows that node is disconnecting the session > immediately when trying to test. Is this the correct behavior? Will this fix > the hole and allow our site to pass the SSLLabs scan and give us something > other than an F?
Which version of node are you now running? Are you using the version of openssl that ships with that version of node, or a different version of openssl, and if the latter, which one? -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/EE400497-62EC-40BE-8AC8-A12095CAED9B%40ryandesign.com. For more options, visit https://groups.google.com/d/optout.
