My PCI scan is failing due to a vulnerability in OpenSSL 1.0.2o. They are saying that I should update to 1.0.2.p, which does not exist. I do find though that there is a 1.0.2p-dev. It was my understanding that the system should not be using developmental software for PCI compliance. On top of that, the -dev version does not seem to be available in the ports tree.
How are others handling this?
Thanks,
Marshall
How are others handling this?
Thanks,
Marshall