Thomas J. Hruska wrote: > Now compare that number to how many hackers know and care about the same > information.
None. If an exploit exists, it will be exploited. You are a fool if you expect that a hacker would rely on the reported version number to elect one of the dozens of past exploits. They simply pound all of them at the server until they discover one works. Legitimate users are the actual browsers and other non-interactive clients which make deterministic decisions about process flow and exploit *features* based on if they know the server is capable of using the optimization or bandwidth saving feature reliably. Close any vulnerabilities by applying the current/corrected code, if you actually want to prevent your server from being exploited. Hiding your head in the sand by attempting to hide the software you are running is foolish and silly. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]