Does anyone know if it is possible to update OpenSSL on a VPS?
A site I am managing has failed PCI compliance, and the culprit seems to be a slightly outdated OpenSSL version.
I have root access, but it looks like the repositories it uses are Dreamhosts:
I could try adding additional repositories, but do not want to break anything, as I am not well versed in how Dreamhost has these VPS set up... Anyone with experience in this area?
Contact DreamHost Support. We have experience in dealing with these issues and can help you get into compliance.
Great. That was my next step..waiting on the site-owners to send me their panel pw so I can get the ball rolling.
It looks like the OpenSSL version is 0.9.8o, and needs to be upgraded to to 0.9.8za
I will follow up on this post when I have it resolved in case anyone else is dealing with this.
I wanted to follow up on this and give the response I received from the DH:
I am having the site owner run a PCI scan again, and will follow up again once we get it to pass.
Okay///last follow up: The PCI scan was successful after the update that the DO-support made to libssl0.9.8
Congrats with the PCI scan. I know how it feels and it must be a nightmare for you creating screen shots that they're requiring.