LinuxQuestions.org
Old 11-14-2007, 01:45 PM   #1
sir-lancealot
Member
 
Registered: Aug 2007
Posts: 346

Rep: Reputation: 31
update ssl due to insecurity


Hey all, we had a 3rd party company come in to check security, etc. and the only thing that showed up as a medium risk was the following;

Quote:
SSLv2 Supported:
This SSL service supports SSLv2 connections. SSLv3 has known cryptographic weaknesses. Secure web applications should only enable the SSLv3 or TLSv1 protocols.
They suggest disabling the use of SSL2 if possible, but I am not sure where to look.
The box uses SSL for secure transactions, but I am not familiar with just 'disabling' v2 and allowing 3. Is this an Apache change somewhere, a simple conf file change, etc.?

I did find an idea googling, and in an included httpd-ssl.conf file found;
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

It can't be something as simple as changing that v2 to v3, is it?

Thanks for any replies.

Last edited by sir-lancealot; 11-14-2007 at 01:52 PM.
 
Old 11-14-2007, 04:31 PM   #2
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
According to http://www.debianadmin.com/how-to-en...che-hosts.html, yes, that is all that is needed. Although, you may want to copy their SSLCipherSuite and SSLProtocol lines.

Oh, and you then have to do the complicated task of restarting Apache.

HTH

Forrest
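
Added example (not part of the thread or of the linked article): a small Python check that reads mod_ssl configuration text and reports whether SSLv2 is still enabled, looking at both SSLProtocol and SSLCipherSuite. It assumes Apache 2.2-era mod_ssl, where SSLProtocol defaults to "all" and "all" includes SSLv2; the HARDENED sample and the function names are constructed for illustration, and the cipher check is deliberately conservative (it only accepts a hard "!SSLv2" exclusion).

```python
import re

# Assumption: Apache 2.2-era mod_ssl, where "all" = SSLv2 + SSLv3 + TLSv1
# and "all" is also the default when no SSLProtocol line is present.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
CANONICAL = {p.lower(): p for p in ALL_PROTOCOLS}
NO_HARD_EXCLUDE = "SSLCipherSuite has no !SSLv2 hard exclusion"
PROTO_ENABLED = "SSLProtocol leaves SSLv2 enabled"

# ORIGINAL is the line quoted in post #1; SWAPPED is the v2 -> v3 edit asked about.
ORIGINAL = ("SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:"
            "+SSLv2:+EXP:+eNULL")
SWAPPED = ORIGINAL.replace("+SSLv2", "+SSLv3")
# Constructed sample that addresses the SSLv2 finding in both directives.
HARDENED = "SSLProtocol all -SSLv2\nSSLCipherSuite HIGH:MEDIUM:!ADH:!SSLv2"


def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: +X adds, -X removes, bare X replaces."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name != "all" and name not in CANONICAL:
            raise ValueError("unknown SSLProtocol token: " + token)
        chosen = set(ALL_PROTOCOLS) if name == "all" else {CANONICAL[name]}
        if sign == "+":
            enabled |= chosen
        elif sign == "-":
            enabled -= chosen
        else:
            enabled = chosen
    return enabled


def audit(conf_text):
    """Return SSLv2-related findings for one server or vhost block of config text."""
    protocols = set(ALL_PROTOCOLS)  # default when SSLProtocol is absent
    findings = []
    for raw in conf_text.splitlines():
        m = re.match(r"(?i)\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", raw)
        if not m:
            continue  # comments and unrelated directives
        if m.group(1).lower() == "sslprotocol":
            protocols = effective_protocols(m.group(2))
        elif "!SSLv2" not in re.split(r"[:, ]+", m.group(2)):
            findings.append(NO_HARD_EXCLUDE)  # "+SSLv2" only reorders ciphers
    if "SSLv2" in protocols:
        findings.insert(0, PROTO_ENABLED)
    return findings
```

Running `audit()` on ORIGINAL and on SWAPPED gives the same two findings, because the cipher string still starts from ALL and no SSLProtocol line restricts the protocol; HARDENED returns none.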
 
Old 11-15-2007, 09:04 AM   #3
sir-lancealot
Member
 
Registered: Aug 2007
Posts: 346

Original Poster
Rep: Reputation: 31
Solved.

Perfect link, thanks. Just try searching for some of those leads to a few different ways, not testing, etc. but that worked perfect and the fact it had the test made it exactly what was needed.

Thanks.
Lr
 
  

