{"id":467,"date":"2012-11-07T14:11:22","date_gmt":"2012-11-07T19:11:22","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/2012\/11\/07\/openssl-pci-scan-false-positive\/"},"modified":"2021-08-16T23:29:33","modified_gmt":"2021-08-17T03:29:33","slug":"openssl-pci-scan-false-positive","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/","title":{"rendered":"OpenSSL PCI scan false positive"},"content":{"rendered":"<p>In this article we&#8217;ll discuss why a PCI scan can fail with a false positive that reports an outdated version of OpenSSL, the service that handles SSL connections. If you have read our previous article on <a href=\"\/support\/security\/how-to-pass-pci-scans\/\">how to pass PCI compliance scans<\/a>, an outdated OpenSSL service is a common false positive that we see.<\/p>\n<p>This happens because we run cPanel on our servers, and cPanel uses backporting for its software updates instead of simply installing the latest version of the service each time it&#8217;s updated.
So to a PCI vendor it might seem that the version is outdated and subject to a known exploit, but in reality the service is secure because it has already been patched against the exploit.<\/p>\n<p>If you failed a PCI scan and the stated reason was that your server was running an old, exploitable version of OpenSSL, you can follow these steps to report the issue to your PCI vendor as a false positive.<\/p>\n<ol class=\"article_list\">\n<li><a href=\"\/support\/server\/ssh\/how-to-login-ssh\/\">Log in to your server via SSH<\/a><\/li>\n<li>Run the following command:\n<pre class=\"code_block\">rpm -q openssl &amp;&amp; rpm -q --changelog openssl | head -10<\/pre>\n<p>You should get back text similar to:<\/p>\n<pre class=\"code_block\">openssl-1.0.0-25.el6_3.1.x86_64\n* Wed Aug 15 2012 Tomas Mraz &lt;tmraz@redhat.com&gt; 1.0.0-25.1\n- use PKCS#8 when writing private keys in FIPS mode as the old\nPEM encryption mode is not FIPS compatible (#812348)\n\n* Tue May 15 2012 Tomas Mraz &lt;tmraz@redhat.com&gt; 1.0.0-25\n- fix for CVE-2012-2333 - improper checking for record length in DTLS (#820686)\n- properly initialize tkeylen in the CVE-2012-0884 fix\n\n* Thu Apr 19 2012 Tomas Mraz &lt;tmraz@redhat.com&gt; 1.0.0-24\n- fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)<\/pre>\n<p>You should notice that the latest patch was applied to OpenSSL on <strong>Wed Aug 15 2012<\/strong>.
So if your PCI scanning vendor has failed your website due to the OpenSSL version, provide them with this information so they can mark it as a false positive.<\/p>\n<p>In this example we used <strong>head -10<\/strong> to show only 10 lines from the full changelog; you can adjust that number to see updates going further back in time.<\/p>\n<\/li>\n<\/ol>\n<p>You should now understand how to retrieve the changelog of the OpenSSL service on your server to show a PCI vendor that the finding should be reported as a false positive.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this article we&#8217;ll discuss why a PCI scan could have possibly failed as a false positive, stating an outdated version of OpenSSL which is the service that handles SSL connections. If you have read our previous article on how to pass PCI compliance scans, the OpenSSL service being outdated is a common false positive<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57014,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4312],"tags":[],"class_list":["post-467","post","type-post","status-publish","format-standard","hentry","category-ssl"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>OpenSSL PCI scan false positive | InMotion Hosting<\/title>\n<meta name=\"description\" content=\"In this article we&#039;ll discuss why a PCI scan could have possibly failed as a false positive, stating an outdated version of OpenSSL which is the service that handles SSL connections.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link
rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OpenSSL PCI scan false positive | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"In this article we&#039;ll discuss why a PCI scan could have possibly failed as a false positive, stating an outdated version of OpenSSL which is the service that handles SSL connections.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2012-11-07T19:11:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-17T03:29:33+00:00\" \/>\n<meta name=\"author\" content=\"InMotion Hosting Contributor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting Contributor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\"},\"author\":{\"name\":\"InMotion Hosting Contributor\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\"},\"headline\":\"OpenSSL PCI scan false positive\",\"datePublished\":\"2012-11-07T19:11:22+00:00\",\"dateModified\":\"2021-08-17T03:29:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\"},\"wordCount\":292,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"articleSection\":[\"Secure Socket Layer (SSL)\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\",\"name\":\"OpenSSL PCI scan false positive | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"datePublished\":\"2012-11-07T19:11:22+00:00\",\"dateModified\":\"2021-08-17T03:29:33+00:00\",\"description\":\"In this article we'll discuss why a PCI scan could have possibly failed as a false positive, stating an outdated version of OpenSSL which is the service that handles SSL 
connections.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OpenSSL PCI scan false positive\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion 
Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\",\"name\":\"InMotion Hosting Contributor\",\"description\":\"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/inmotion-hosting\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting\"],\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OpenSSL PCI scan false positive | InMotion Hosting","description":"In this article we'll discuss why a PCI scan could have possibly failed as a false positive, stating an outdated version of OpenSSL which is the service that handles SSL connections.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/","og_locale":"en_US","og_type":"article","og_title":"OpenSSL PCI scan false positive | InMotion Hosting","og_description":"In this article we'll discuss why a PCI scan could have possibly failed as a false positive, stating an outdated version of OpenSSL which is the service that handles SSL connections.","og_url":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/","og_site_name":"InMotion Hosting Support 
Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2012-11-07T19:11:22+00:00","article_modified_time":"2021-08-17T03:29:33+00:00","author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644"},"headline":"OpenSSL PCI scan false positive","datePublished":"2012-11-07T19:11:22+00:00","dateModified":"2021-08-17T03:29:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/"},"wordCount":292,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["Secure Socket Layer (SSL)"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/","url":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/","name":"OpenSSL PCI scan false positive | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2012-11-07T19:11:22+00:00","dateModified":"2021-08-17T03:29:33+00:00","description":"In this article we'll discuss why a PCI 
scan could have possibly failed as a false positive, stating an outdated version of OpenSSL which is the service that handles SSL connections.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/website\/ssl\/openssl-pci-scan-false-positive\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"OpenSSL PCI scan false positive"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion 
Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":null,"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57014"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=467"}],"version-history":[{"count":4,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/467\/revisions"}],"predecessor-version":[{"id":85356,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/467\/revisions\/85356"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.
com\/support\/wp-json\/wp\/v2\/tags?post=467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}