Old 10-14-2009, 07:57 AM   #1
cooljai
Member
 
Registered: May 2007
Location: /dev/random
Distribution: CentOS, Fedora, RHEL, SuSE
Posts: 62

Rep: Reputation: 15
Disable SSL v2 in Apache


Hi,

I want to disable SSL v2 in Apache on my CentOS 5.2 box (httpd 2.2.3). For that, I've added the following lines to my /etc/httpd/conf.d/ssl.conf:
Code:
SSLProtocol -All +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
and restarted httpd.

But it is still not disabled; I'm connecting to SSL v2 and getting an error for SSL v3:

Code:
# openssl s_client -connect localhost:443 -ssl2
CONNECTED(00000003)

# openssl s_client -connect localhost:443 -ssl3
CONNECTED(00000003)
8021:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
Any help will be appreciated.
 
Old 10-14-2009, 02:57 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
I think you want:
Code:
SSLProtocol All -SSLv2
SSLCipherSuite ALL:!EXP:!NULL:!ADH:!LOW
 
Old 10-15-2009, 01:00 AM   #3
cooljai
Hi anomie, thanks for the reply.

Just tried this, but to no avail. I'm able to connect with SSLv2 and am getting an error while checking for SSLv3.

Any other thoughts? Though it's intrinsic, how can I confirm that Apache is reading /etc/httpd/conf.d/ssl.conf? I also checked the error log; nothing is there.

Thanks,
 
Old 10-15-2009, 11:31 AM   #4
anomie
FWIW, the directives I posted I'm using successfully with Apache 2.0 + mod_ssl (on RHEL4).

Code:
$ openssl s_client -connect my.host:443 -quiet -ssl2
8641:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
Check your main httpd.conf to confirm there is an Include that is pulling in conf.d/ssl.conf or conf.d/*.conf. One quick way to test whether ssl.conf is being pulled in or not is to add a bogus directive to it, e.g.:

Code:
BadDirective foo
And then do a syntax check:

Code:
# apachectl -t
Syntax error on line 2 of /etc/httpd/conf.d/ssl.conf:
Invalid command 'BadDirective', perhaps misspelled or defined by a module not included in the server configuration
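
A read-only variant of the Include check described above, as an added example that is not part of the original thread: it follows Include lines from the main config and prints every uncommented SSLProtocol and SSLCipherSuite line with its file and line number, without editing the live configuration. The function names are hypothetical, and the script assumes Include paths without spaces and does not evaluate directory Includes or conditional blocks.

```bash
#!/bin/bash
# Added example (not from the thread): follow Include lines from the main
# httpd.conf and list every SSLProtocol / SSLCipherSuite line Apache reads.
# Assumptions: Include paths contain no spaces; directory Includes and
# conditional blocks (<IfModule>, <IfDefine>) are not evaluated.
# Usage, with the usual CentOS paths (assumed, adjust to your layout):
#   find_ssl_directives /etc/httpd/conf/httpd.conf /etc/httpd

# Print CONF and, recursively, every file its Include directives pull in.
list_conf_files() {
    local conf=$1 root=$2 pattern f
    [ -f "$conf" ] || return 0
    echo "$conf"
    # Commented-out lines never match because their first field starts with '#'.
    awk 'tolower($1) == "include" { gsub(/"/, "", $2); print $2 }' "$conf" |
    while read -r pattern; do
        case $pattern in
            /*) ;;                         # absolute path: use as is
            *)  pattern=$root/$pattern ;;  # relative paths resolve against ServerRoot
        esac
        for f in $pattern; do              # unquoted on purpose so globs expand
            list_conf_files "$f" "$root"
        done
    done
}

# Exit status 0 if FILE is reachable from MAIN_CONF under SERVER_ROOT.
is_included() {   # is_included FILE MAIN_CONF SERVER_ROOT
    list_conf_files "$2" "$3" | grep -qxF "$1"
}

# Print file:line:text for each uncommented SSLProtocol / SSLCipherSuite line.
find_ssl_directives() {   # find_ssl_directives MAIN_CONF SERVER_ROOT
    list_conf_files "$1" "$2" | while read -r f; do
        grep -HnEi '^[[:space:]]*(SSLProtocol|SSLCipherSuite)[[:space:]]' "$f" || true
    done
}
```

A directive reported from inside a `<VirtualHost>` block applies to that virtual host, so review every line the script prints rather than only the first.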
 
  

