Re: SSL protocol limits ignored?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
Doesn't work. I added the lines to the virtual host and restartet Apache but I can still connect with SSLv2:

openssl s_client -ssl2 -connect SERVERNAME:443

...
New, SSLv2, Cipher is DES-CBC3-MD5
...

Regards,
  Dennis

On 05/22/2010 11:44 AM, Sakthi Esakiappan wrote:
Hello,

Have a try with restarting apache service, otherwise add the following
lines to the Virtual Host configuration

SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL

restart the apache service and have a try...

On 21 May 2010 17:45, Dennis J. <dennisml@xxxxxxxxxxxx
<mailto:dennisml@xxxxxxxxxxxx>> wrote:

    Hi,
    I've noticed that my Apache server seems to accept SSLv2 connections
    even though they are supposed to be disabled. From the mod_ssl.conf:

    #   SSL Protocol support:
    # List the enable protocol levels with which clients will be able to
    # connect.  Disable SSLv2 access by default:
    SSLProtocol all -SSLv2

    I also tried the following in a global context:
    SSLProtocol -all +SSLv3 +TLSv1

    Still I can connect using SSLv2. I grepped through the config
    directories but these are the only instances of this directive so
    I'm not sure why the configuration doesn't apply. Any ideas?

    Regards,
      Dennis

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server
    Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
    <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
    <mailto:users-digest-unsubscribe@xxxxxxxxxxxxxxxx>
    For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
    <mailto:users-help@xxxxxxxxxxxxxxxx>




--
With Regards,
Sakthi Esakiappan.M
Server Administrator

MercuryMinds Technologies Pvt Ltd
www.mercuryminds.com <http://www.mercuryminds.com> "An E-Commerce mentor"
+91 44 45588587
sakthi.esakiappan@xxxxxxxxxxxxxxxx
<mailto:sakthi.esakiappan@xxxxxxxxxxxxxxxx>
www.mercuryminds.com <http://www.mercuryminds.com>

Disclaimer: This message is intended only for the use of the individual
or entity to which it is addressed and may contain information that is
privileged, confidential and exempt from disclosure under applicable
law. If you have received this message in error, you are hereby notified
that we do not consent to any reading, dissemination, distribution or
copying of this message. If you have received this communication in
error, please notify the sender immediately and destroy the transmitted
information.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux