OpenSSL < 0.9.5a /dev/random Check Failure
Medium Nessus Plugin ID 17707
SynopsisThe remote host uses a version of OpenSSL that may have weak encryption keys.
DescriptionAccording to its banner, the version of OpenSSL running on the remote host is less than 0.9.5a. On a FreeBSD system running on the Alpha architecture, versions earlier than that may not use the /dev/random and /dev/urandom devices to provide a strong source of cryptographic entropy, which could lead to the generation of keys with weak cryptographic strength.
SolutionUpgrade OpenSSL to version 0.9.5a or higher and re-generate encryption keys.