From a PCI scan, this error.

Answer: Your scanning provider is apparently relying on the version information in the banner to determine vulnerability. Red Hat frequently backports fixes into previous versions of applications, which is the case with your version of OpenSSL (openssl-0.9.8e-27.el5_10.4). This is a false positive. The vulnerability does not affect this server. You ..

Find out if your server is affected: http://filippo.io/Heartbleed/

Run the command:

    [root@austin ~]# openssl version
    OpenSSL 1.0.1e-fips 11 Feb 2013

to get the version number of openssl. If the command shows e.g.:

    [root@austin ~]# rpm -qa | grep openssl
    openssl-1.0.1e-16.el6_5.7.x86_64

Your server might be vulnerable as the version is below 1.0.1g. But some Linux distributions ..
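
Because a backported fix leaves the upstream version string unchanged, a version check needs the package changelog beside it. The script below is an added example, not part of the original page: the function names and the changelog excerpts are constructed for illustration, and it assumes an RPM-based system whose packager records the CVE id (CVE-2014-0160 for Heartbleed) in the changelog.

```shell
#!/bin/sh
# Added example: classify an OpenSSL package for Heartbleed (CVE-2014-0160)
# from the upstream version plus the package changelog, not the version alone.

# heartbleed_status UPSTREAM_VERSION   (package changelog text on stdin)
# Prints one of: not-affected | patched-by-backport | vulnerable
heartbleed_status() {
    case "$1" in
        1.0.1|1.0.1[a-f])
            # Upstream 1.0.1 through 1.0.1f carry the flawed heartbeat code;
            # a distribution may have patched it without changing this string.
            if grep -q 'CVE-2014-0160'; then
                echo "patched-by-backport"
            else
                echo "vulnerable"
            fi
            ;;
        *)
            cat >/dev/null      # drain stdin; the changelog is irrelevant here
            echo "not-affected"
            ;;
    esac
}

# Constructed changelog excerpts (not copied from a real package).
SAMPLE_PATCHED='* Mon Apr 07 2014 Example Maintainer <maint@example.com> 1.0.1e-N
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
SAMPLE_UNPATCHED='* Wed Jan 08 2014 Example Maintainer <maint@example.com> 1.0.1e-M
- unrelated packaging change'

# check_installed: run the same check against the local RPM database.
check_installed() {
    ver=$(rpm -q --qf '%{VERSION}\n' openssl | head -n 1)
    rpm -q --changelog openssl | heartbleed_status "$ver"
}

# Same upstream version, different answers depending on the changelog.
printf '%s\n' "$SAMPLE_PATCHED"   | heartbleed_status 1.0.1e
printf '%s\n' "$SAMPLE_UNPATCHED" | heartbleed_status 1.0.1e
printf '%s\n' ""                  | heartbleed_status 0.9.8e
```

On a real host, call `check_installed` instead of piping in the samples.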