mod_ssl 2.8.xx and PCI

The Mod_ssl 2.8.x issue which is affecting your PCI compliance is a false positive as far as our servers are concerned. We run Apache 2.2.x on our servers which has inbuilt mod_ssl support and the version of mod_ssl is same as what we have for Apache due to this.

The mod_ssl official site is http://www.modssl.org/ and you can see that there is no mod_ssl version available for Apache 2.x or 2.2.x at this time. The mod_ssl 2.8.xx versions are all available for a much older version of Apache (i.e 1.3.xx). You need to file in a false positive report for this issue with your PCI scanning company for this issue.

Was this answer helpful?

 Print this Article

Also Read

SQL injection, insertion

SQL injection is an attack where malicious code is passed to an SQL Server for execution. The...

What happens to someone abusing system resources?

The offending site will be suspended and the owner will be given an opportunity to fix the...

What is INODES limit?

An inode is basically a file - so say you had 1,000 images, that'd be 1,000 inodes. Every file (a...

My account was hacked!

If you are the victim of a hacker, immediately submit a ticket and our experts will investigate...

How to handle the Google Attack Page?

When you see the dreaded Google attack site warning, you should immediately submit a...