httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis J." <denni...@conversis.de>
Subject Re: [users@httpd] SSL protocol limits ignored?
Date Mon, 24 May 2010 00:01:04 GMT
Hi,
Doesn't work. I added the lines to the virtual host and restartet Apache 
but I can still connect with SSLv2:

openssl s_client -ssl2 -connect SERVERNAME:443

...
New, SSLv2, Cipher is DES-CBC3-MD5
...

Regards,
   Dennis

On 05/22/2010 11:44 AM, Sakthi Esakiappan wrote:
> Hello,
>
> Have a try with restarting apache service, otherwise add the following
> lines to the Virtual Host configuration
>
> SSLProtocol -all +SSLv3 +TLSv1
> SSLCipherSuite HIGH:MEDIUM:!SSLv2:!LOW:!EXP:!aNULL
>
> restart the apache service and have a try...
>
> On 21 May 2010 17:45, Dennis J. <dennisml@conversis.de
> <mailto:dennisml@conversis.de>> wrote:
>
>     Hi,
>     I've noticed that my Apache server seems to accept SSLv2 connections
>     even though they are supposed to be disabled. From the mod_ssl.conf:
>
>     #   SSL Protocol support:
>     # List the enable protocol levels with which clients will be able to
>     # connect.  Disable SSLv2 access by default:
>     SSLProtocol all -SSLv2
>
>     I also tried the following in a global context:
>     SSLProtocol -all +SSLv3 +TLSv1
>
>     Still I can connect using SSLv2. I grepped through the config
>     directories but these are the only instances of this directive so
>     I'm not sure why the configuration doesn't apply. Any ideas?
>
>     Regards,
>       Dennis
>
>     ---------------------------------------------------------------------
>     The official User-To-User support forum of the Apache HTTP Server
>     Project.
>     See <URL:http://httpd.apache.org/userslist.html> for more info.
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     <mailto:users-unsubscribe@httpd.apache.org>
>     "   from the digest: users-digest-unsubscribe@httpd.apache.org
>     <mailto:users-digest-unsubscribe@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <mailto:users-help@httpd.apache.org>
>
>
>
>
> --
> With Regards,
> Sakthi Esakiappan.M
> Server Administrator
>
> MercuryMinds Technologies Pvt Ltd
> www.mercuryminds.com <http://www.mercuryminds.com> "An E-Commerce mentor"
> +91 44 45588587
> sakthi.esakiappan@mercuryminds.com
> <mailto:sakthi.esakiappan@mercuryminds.com>
> www.mercuryminds.com <http://www.mercuryminds.com>
>
> Disclaimer: This message is intended only for the use of the individual
> or entity to which it is addressed and may contain information that is
> privileged, confidential and exempt from disclosure under applicable
> law. If you have received this message in error, you are hereby notified
> that we do not consent to any reading, dissemination, distribution or
> copying of this message. If you have received this communication in
> error, please notify the sender immediately and destroy the transmitted
> information.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message