updating mod_ssl on apache2
El Fluffo
07-11-2004, 05:08 PM
I've installed apache2 with the latest version of openssl but when I do a nessus scan, I get a warning that my version of mod_ssl is outdated and is a security risk.
I've been searching around but can't find where to get instructions for updating the module. Can anyone help or point me in the right direction?
Thanx
El Fluffo
07-13-2004, 04:45 PM
Either I've asked a daft question or nobody knows the answer!
I've been searching like mad, but can't find an explication for apache2. Like I said, I installed the latest version of openssl, but can't find the instructions for updating mod_ssl. I can't use Google (thanx to my ba**ard ISP) but, even so, Yahoo, etc. only come up with info for apache1.3.
A simple weblink would do, or instructions if you're feeling up to it!
thanx
bwkaz
07-13-2004, 06:30 PM
mod_ssl is only separate for Apache 1.3, Apache 2.0 includes it in the default installation.
To upgrade mod_ssl, AFAIK you need to upgrade Apache. If you're using the most current Apache 2 release (2.0.50: see http://httpd.apache.org/), then ignore what Nessus says (it may still be the case that your Apache is vulnerable, but there's not much you can do about it until Apache releases the next version, which looks like it's already happened with 2.0.50).
El Fluffo
07-13-2004, 07:07 PM
Well, I'm using the latest version of apache2, but do I really have to put up with a security hole? Is there really no other way of updating it?
thanx
bwkaz
07-14-2004, 09:57 PM
If you're absolutely sure you have 2.0.50 (and not a distro-supplied Apache installation, which might be any version), then I don't see how there would be a security hole there at all.
More likely, I think, is that Nessus may not be getting the right information when it's asking about the mod_ssl version. That's supposed to be in the Apache footer (for stuff like 404 pages), but it's configurable in httpd.conf, so maybe the way it's configured is breaking the Nessus scan?
Anything at the Nessus site about it?
El Fluffo
07-17-2004, 09:38 AM
I can't find anything anywhere! Plenty of stuff about apache 1.3 but nothing about apache 2.0.50.
The latest version of mod_ssl I can find on the web is 2.8.? (off the top of my head), but my version is 2.0.?.
I compiled apache with the latest version of openssl, so I can't understand why I've got such a low version no.
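
Added example (not part of any post in this thread): a small triage helper for a banner-based mod_ssl finding, covering the two points raised above, that the banner is configurable in httpd.conf and that mod_ssl is only a separate package on Apache 1.3. It assumes the mod_ssl bundled with Apache 2 advertises the same version number as httpd itself; the function names and sample banners are constructed for illustration.

```python
import re

# Product tokens in a Server header look like "name/version"; "(...)" parts are comments.
TOKEN = re.compile(r"([A-Za-z0-9_.\-]+)/([0-9][^\s()]*)")

def parse_banner(server_header):
    """Return {lowercased product name: version} for each product token."""
    without_comments = re.sub(r"\([^)]*\)", " ", server_header)
    return {name.lower(): ver for name, ver in TOKEN.findall(without_comments)}

def triage(server_header):
    """Say what a banner-only mod_ssl version check can actually conclude."""
    tokens = parse_banner(server_header)
    httpd = tokens.get("apache")
    mod_ssl = tokens.get("mod_ssl")
    if httpd is None:
        return "no-version"     # e.g. ServerTokens Prod: nothing to compare
    if mod_ssl is None:
        return "module-hidden"  # module tokens suppressed, or mod_ssl not loaded
    if httpd.startswith("2.") and mod_ssl == httpd:
        return "bundled"        # assumption: Apache 2 module version tracks httpd
    if httpd.startswith("1.3"):
        return "separate"       # Apache 1.3: mod_ssl has its own release numbering
    return "inconsistent"       # unexpected combination: check on the host itself

# Constructed sample banners (not captured from a real server).
SAMPLES = [
    "Apache/2.0.50 (Unix) mod_ssl/2.0.50 OpenSSL/0.9.x",  # ServerTokens Full
    "Apache/2.0.50 (Unix)",                               # ServerTokens OS
    "Apache",                                             # ServerTokens Prod
    "Apache/1.3.x (Unix) mod_ssl/2.8.x OpenSSL/0.9.x",    # Apache 1.3 with add-on mod_ssl
]

if __name__ == "__main__":
    for banner in SAMPLES:
        print(f"{triage(banner):14} {banner}")
```

A "bundled" result means the mod_ssl number should be judged by the httpd release it shipped with, not compared against the 2.8 series of the Apache 1.3 add-on.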