My server inspected an "SSLv3/TLS Renegotiation Stream Injection(10942)" vulnerability.
Suggested fix said
use openssl-0.9.8l or use apache patch 2.2.14/CVE-2009-3555-2.2
but my openssl version is 1.1.1 and my apache version is 2.4.29(Ubuntu)
seems like I don't need to upgrade openssl or apache
what else can I do?
PS: my config is: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1