
OpenSSL Padding Oracle vulnerability (CVE-2016-2107)

Question asked by william harvey on Dec 15, 2016
Latest reply on Dec 17, 2016 by Busby

Hi there,


I have a test server running CentOS 6.8 and can't overcome this message:

This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016-2107) and insecure. Grade set to F.

I believe it's to do with OpenSSL, and I have the latest version, OpenSSL 1.1.0c  10 Nov 2016.
Could it be to do with my Ciphers?
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on


The test domain I'm running is this. SSL Server Test: (Powered by Qualys SSL Labs) 


Any help would be very much appreciated.