Hi,I've noticed that my Apache server seems to accept SSLv2 connections even though they are supposed to be disabled. From the mod_ssl.conf:
# SSL Protocol support: # List the enable protocol levels with which clients will be able to # connect. Disable SSLv2 access by default: SSLProtocol all -SSLv2 I also tried the following in a global context: SSLProtocol -all +SSLv3 +TLSv1Still I can connect using SSLv2. I grepped through the config directories but these are the only instances of this directive so I'm not sure why the configuration doesn't apply. Any ideas?
Regards, Dennis --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|