Return-Path: 
 <users-return-97402-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 34511 invoked from network); 20 Oct 2010 07:54:36 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 20 Oct 2010 07:54:36 -0000
Received: (qmail 32090 invoked by uid 500); 20 Oct 2010 07:54:33 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 31716 invoked by uid 500); 20 Oct 2010 07:54:29 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 31705 invoked by uid 99); 20 Oct 2010 07:54:28 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Oct 2010 07:54:28 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of uhlar@fantomas.sk designates
 195.168.3.66 as permitted sender)
Received: from [195.168.3.66] (HELO fantomas.fantomas.sk) (195.168.3.66)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Oct 2010 07:54:23 +0000
Received: from fantomas.fantomas.sk (uhlar@localhost [127.0.0.1])
	by fantomas.fantomas.sk (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id
 o9K7s23H018508
	for <users@httpd.apache.org>; Wed, 20 Oct 2010 09:54:02 +0200
Received: (from uhlar@localhost)
	by fantomas.fantomas.sk (8.14.3/8.14.3/Submit) id o9K7s1s2018500
	for users@httpd.apache.org; Wed, 20 Oct 2010 09:54:01 +0200
X-Authentication-Warning: fantomas.fantomas.sk: uhlar set sender to
 uhlar@fantomas.sk using -f
Date: Wed, 20 Oct 2010 09:54:01 +0200
From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
To: users@httpd.apache.org
Message-ID: <20101020075401.GC17751@fantomas.sk>
Mail-Followup-To: users@httpd.apache.org
References: <237909972.5701.1287422565594.JavaMail.root@iris>
 <276484300.5705.1287422712486.JavaMail.root@iris>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <276484300.5705.1287422712486.JavaMail.root@iris>
User-Agent: Mutt/1.5.18 (2008-05-17)
Subject: Re: [users@httpd] SSL vulnerability question

> ----- "Denise Edwards" <Denise.Edwards@Bowne.com> wrote:
> > Received security can results which had two issues:
> > 
> > 1-SSL Server Supports Weak Encryption Vulnerability
> > 
> > 2-SSL Server Has SSLv2 Enabled Vulnerability
[...]
> > - SSLCipherSuite property includes high, medium, low and SSLv2

On 18.10.10 17:25, Igor Gali� wrote:
> And that's your problem.
> 
> 
> SSLProtocol TLSv1 SSLv3
> SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5

I use:

SSLCipherSuite DEFAULT:!EXP:!LOW

you can list those by issuing:

openssl ciphers -v '<cipherlist>'

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Chernobyl was an Windows 95 beta test site.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org