So adding the following in slapd.conf should do the trick right..?

SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

Thanks!
Rohit Khaladkar

On Tue, Jun 2, 2009 at 8:51 PM, Marti, Rob <RJM002@xxxxxxxx> wrote:

> Right. So it's not apache listening on that port. Changing apache files
> will do nothing.
>
> Rob Marti
>
> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Rohit khaladkar
> Sent: Tuesday, June 02, 2009 10:12 AM
> To: General Red Hat Linux discussion list
> Subject: Re: Disabling sslv2 on linux for port 636.
>
> Here they are :
> [root@puiqtk01 conf]# lsof -i :636
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> slapd 3498 ldap 9u IPv6 11266 TCP *:ldaps (LISTEN)
> slapd 3498 ldap 10u IPv4 11267 TCP *:ldaps (LISTEN)
>
> Thanks!
> Rohit Khaladkar
>
> On Tue, Jun 2, 2009 at 8:32 PM, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx> wrote:
>
> > Can you run (as root)
> >
> > lsof -i :636
> >
> > and paste the results?
> >
> > Cheers,
> > Harry
> >
> > Rohit khaladkar wrote:
> >
> >> Thanks Nigel.
> >> I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf file.
> >>
> >> On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw@xxxxxxxxxxxx> wrote:
> >>
> >>> Rohit khaladkar wrote:
> >>>
> >>>> Hi All, I want to disable ssl2 on a linux server for Port 636. Here is the
> >>>> procedure that I followed :
> >>>>
> >>>> 1) Edit ssl.conf and added following entries in it.
> >>>>
> >>>> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
> >>>> SSLProtocol -All +SSLv3 +TLSv1
> >>>>
> >>>> 2) Restarted Apache service.
> >>>>
> >>>> 3) Restarted network.
> >>>>
> >>>> I checked if ssl2 is disabled using the following command :
> >>>>
> >>>> openssl s_client -connect hostname:636 -ssl2
> >>>>
> >>>> where hostname= server name
> >>>>
> >>>> But it still shows me the certificate. I even tried rebooting the machine,
> >>>> but no luck.
> >>>>
> >>>> Am I missing anything here?
> >>>
> >>> Port 636 is normally the ldaps port, i.e. SSL encrypted LDAP. Are you really
> >>> listening on that port with Apache? Which ssl.conf did you edit, a full path
> >>> would be rather more specific than just a filename?
> >>>
> >>> Maybe you want to replace 636 with 443 (https) as the openssl request port.
> >>>
> >>> --
> >>> Nigel Wade, System Administrator, Space Plasma Physics Group,
> >>> University of Leicester, Leicester, LE1 7RH, UK
> >>> E-mail : nmw@xxxxxxxxxxxx
> >>> Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
> >>>
> >>> --
> >>> redhat-list mailing list
> >>> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> >>> https://www.redhat.com/mailman/listinfo/redhat-list
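
The check the thread walks through (find which daemon owns the port, then confirm the directives being edited belong to that daemon), as an added example that is not part of the original messages. `SSLCipherSuite` and `SSLProtocol` are Apache mod_ssl directives, while slapd.conf(5) uses `TLS`-prefixed directives such as `TLSCipherSuite`; the function names are hypothetical and the sample input is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example. Sample input is constructed from the lsof output in the thread.
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
slapd   3498 ldap    9u  IPv6  11266       TCP *:ldaps (LISTEN)
slapd   3498 ldap   10u  IPv4  11267       TCP *:ldaps (LISTEN)'

# The two directives the thread added to a config file.
SAMPLE_CONF='SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
SSLProtocol -All +SSLv3 +TLSv1'

# listeners LSOF_TEXT: unique command names that hold a LISTEN socket.
listeners() {
    printf '%s\n' "$1" | awk 'NR > 1 && /\(LISTEN\)/ { print $1 }' | sort -u
}

# directive_family CONF_TEXT: which daemon's TLS directives the text contains.
# Prints mod_ssl, slapd, mixed or none. Comment lines are ignored.
directive_family() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        $1 ~ /^SSL(CipherSuite|Protocol)$/ { a = 1 }
        $1 ~ /^TLS(CipherSuite|CertificateFile|CertificateKeyFile|CACertificateFile)$/ { s = 1 }
        END {
            if (a && s) print "mixed"
            else if (a) print "mod_ssl"
            else if (s) print "slapd"
            else print "none"
        }'
}

# check_config LSOF_TEXT CONF_TEXT: "ok" when the directives belong to the
# daemon that owns the port, otherwise a one-line explanation.
check_config() {
    daemon=$(listeners "$1")
    family=$(directive_family "$2")
    case "$daemon:$family" in
        slapd:slapd | httpd:mod_ssl) echo "ok" ;;
        *) echo "mismatch: $daemon listens, config has $family directives" ;;
    esac
}

check_config "$SAMPLE_LSOF" "$SAMPLE_CONF"
```

On a live host, feed `listeners` the output of `lsof -i :636` and `directive_family` the contents of the file being edited, then repeat the `openssl s_client -connect hostname:636 -ssl2` test from the thread after restarting the daemon that actually owns the port.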