Hi,
I've noticed that my Apache server seems to accept SSLv2 connections even though they are supposed to be disabled. From the mod_ssl.conf:
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
I also tried the following in a global context:
SSLProtocol -all +SSLv3 +TLSv1
Still I can connect using SSLv2. I grepped through the config directories but these are the only instances of this directive so I'm not sure why the configuration doesn't apply. Any ideas?
Regards,
Dennis
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx