Hi,
I'm currently on CentOS 5.8. I'm using openssl version openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus security scan:
"SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection"
As per the following link, Red Hat has introduced openssl-0.9.8m, which fixes this specific issue:
https://access.redhat.com/site/articles/20490#Updates_adding_RFC_5746_suppor...
I created an rpm for openssl-0.9.8m using the tarball, and when I tried to install it, I got "libssl.so.6()(64bit) is needed by <rpm name>" errors, which would be solved by installing the openssl098e rpm. This rpm is part of CentOS 6, so I can't install it.
Do we have an openssl-0.9.8m or higher rpm available for CentOS 5? Or is there any other way I could resolve the "libssl.so.6()(64bit) is needed by <rpm name>" errors? Or any suggestions on the mentioned "SSL / TLS Renegotiation Handshakes" vulnerability?
Thanks, Anumeha