Hi, I have a Nextcloud jail on my FreeNAS machine, works well, exposed to internet and all.
Run the site through SSLLabs now and then to check, currently it's showing an F for the SSL test: https://www.ssllabs.com/ssltest/analyze.html?d=zaggy.nl&hideResults=on&latest
Vulnerable to CVE-2016-2107.
Same result on the site of the person who found the exploit: https://filippo.io/CVE-2016-2107/#zaggy.nl
From what I gather I need a newer openssl version?
Openssl appears to be patched in version 1.0.2_12 if I look at the ports: https://www.freshports.org/security/openssl/, server is running OpenSSL 1.0.2k, so it should be fine?
How do I upgrade my "score" and get rid of the vulnerability? Or is it a false positive?
Run the site through SSLLabs now and then to check, currently it's showing an F for the SSL test: https://www.ssllabs.com/ssltest/analyze.html?d=zaggy.nl&hideResults=on&latest
Vulnerable to CVE-2016-2107.
Same result on the site of the person who found the exploit: https://filippo.io/CVE-2016-2107/#zaggy.nl
From what I gather I need a newer openssl version?
Openssl appears to be patched in version 1.0.2_12 if I look at the ports: https://www.freshports.org/security/openssl/, server is running OpenSSL 1.0.2k, so it should be fine?
How do I upgrade my "score" and get rid of the vulnerability? Or is it a false positive?