Our daily security scan flagged SAM as being vulnerable to the DROWN attack due to the version of OpenSSL used. The OpenSSL website says to update to a newer version, but this involves compiling the OpenSSL source code via Perl, then installing it on the SAM server. This is shaky ground. Has anybody else encountered and resolved this problem yet?
↧