Hi,Doesn't work. I added the lines to the virtual host and restartet Apache but I can still connect with SSLv2:
openssl s_client -ssl2 -connect SERVERNAME:443 ... New, SSLv2, Cipher is DES-CBC3-MD5 ... Regards, Dennis On 05/22/2010 11:44 AM, Sakthi Esakiappan wrote:
Hello,
Have a try with restarting apache service, otherwise add the following
lines to the Virtual Host configuration
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL
restart the apache service and have a try...
On 21 May 2010 17:45, Dennis J. <dennisml@xxxxxxxxxxxx
<mailto:dennisml@xxxxxxxxxxxx>> wrote:
Hi,
I've noticed that my Apache server seems to accept SSLv2 connections
even though they are supposed to be disabled. From the mod_ssl.conf:
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
I also tried the following in a global context:
SSLProtocol -all +SSLv3 +TLSv1
Still I can connect using SSLv2. I grepped through the config
directories but these are the only instances of this directive so
I'm not sure why the configuration doesn't apply. Any ideas?
Regards,
Dennis
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
<mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
<mailto:users-digest-unsubscribe@xxxxxxxxxxxxxxxx>
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
<mailto:users-help@xxxxxxxxxxxxxxxx>
--
With Regards,
Sakthi Esakiappan.M
Server Administrator
MercuryMinds Technologies Pvt Ltd
www.mercuryminds.com <http://www.mercuryminds.com> "An E-Commerce mentor"
+91 44 45588587
sakthi.esakiappan@xxxxxxxxxxxxxxxx
<mailto:sakthi.esakiappan@xxxxxxxxxxxxxxxx>
www.mercuryminds.com <http://www.mercuryminds.com>
Disclaimer: This message is intended only for the use of the individual
or entity to which it is addressed and may contain information that is
privileged, confidential and exempt from disclosure under applicable
law. If you have received this message in error, you are hereby notified
that we do not consent to any reading, dissemination, distribution or
copying of this message. If you have received this communication in
error, please notify the sender immediately and destroy the transmitted
information.
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|