Open SSL?


#1

I received a notice from our PCI Compliance scan that the scan is failing due to Open SSL version 1.1.1

I know my main server doesn’t even have this version installed so I assume this is bundled with Lucee.

If my assumption is correct, will there be an update soon that includes OpenSSL 1.1.1a?

Thanks!

Jeff


#2

SSL would be handled by your webserver. If you have apache in front, thats where it is. If not, you probably configured ssl in tomcat, which uses apr or java depending on how you configured it.

Regardless, upgrading apache or tomcat is your solution.


#3

Thanks Joe.

You are correct. After some more digging Apache is using mod_ssl and I have all the recent updates so I guess I’ll wait for them to fix it or dig into configuring it myself.

I appreciate you pointing me in the right direction.