thanks, yes - i just thought to do that before i read your reply. the test says my server is not vulnerable to the attack - so the bugfixes appear to have been integrated into the latest fedora version of openssl, even though running the openssl version command does not show this to be the case.

so i just put up with the regular error log entries for inflate?

mex Wrote:
-------------------------------------------------------
> hi tunist,
>
> if you want to test your server for CCS-vuln you might use
> https://www.ssllabs.com/ssltest/
>
> or the testscript from https://testssl.sh/
> when you prefer to test locally.
>
>
> >
> > though when i run openssl version, i see: OpenSSL 1.0.1e-fips 11
> Feb
> > 2013 not sure why..!?
>
> distros backport patched but usually dont ship new versions,
> thus dont update version-numbers; same here, although
> this system is fully patched
>
> $ openssl version
> OpenSSL 1.0.1e 11 Feb 2013