I work for a small outdoor retailer where I'm lucky enough to build internal web apps that benefit different departments.
We recently updated my web servers that are set up on the intranet, not for public use. I updated to XAMPP 5.6.8.
We have a company that scans our systems to make sure we are compliant, PCI and otherwise. This company keeps telling us my internal web server has vulnerabilities, specifically with OpenSSL and needing a "server certificate signed with a public key length of at least 2048 bits".
XAMPP 5.6.8 is using OpenSSL 1.0.1l.
But OpenSSL 1.0.1l has vulnerabilities.
https://web.nvd.nist.gov/view/vuln/sear ... ssl:1.0.1l
I would like to try to update OpenSSL on my server to either 1.0.1m or 1.0.2a, but I have no idea where to start. I've googled with little luck.
Could someone help point me in the right direction? I'd appreciate it!