Originally Posted by unSpawn
What's the version and release date of your Vsftpd and OpenSSL?
Does the changelog for OpenSSL mention fixing CVE-2009-3555?
I recompiled ssl and vsftpd and I passed one of the tests.
Now I'm getting this one:
SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability Synoposis: It may be possible to obtain sensitive information from the remote host with SSL/TLS-enabled services. Impact: A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Can I use TLS 1.1 or TLS 1.2 with vsftpd?
How do I tell vsftpd to use a NON-CBC mode cipher?
Thanks for your help!