Disabling sslv2 on linux for port 636.
Nigel Wade
nmw at ion.le.ac.uk
Tue Jun 2 14:59:57 UTC 2009
Rohit khaladkar wrote:
> Thanks Nigel.
> I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf file.
>
And is httpd listening on port 636?
As I mentioned in my previous message, it's normally ldap which listens on that port, so
configuring httpd and restarting httpd wouldn't have much effect.
I'm pretty sure I've not changed the SSL configuration on my http, and this contains:
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
If I attempt to connect as you did using ssl2, but connecting to httpd on port 443, then I
get:
CONNECTED(00000003)
3265:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
If I attempt the same connection as you did, to my ldap server on port 636, then I get the
server cert returned.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
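
Added example, not part of the original message and not Apache's own code: a Python check of the point made above, that SSLProtocol in ssl.conf only governs ports httpd itself listens on. The `Listen 443` line in the sample is an assumption, the function names are hypothetical, and the parser is simplified to a single-context file with the protocol names of a 2009-era mod_ssl.

```python
# Added example: does this httpd config serve a given port, and is SSLv2 off there?
KNOWN = {"sslv2": "SSLv2", "sslv3": "SSLv3", "tlsv1": "TLSv1"}  # assumed 2009-era set

# Constructed sample: the two directives quoted in the message plus an assumed Listen line.
SAMPLE_CONF = """\
Listen 443
# SSL Protocol support:
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
"""

def directives(conf):
    """Yield (name, [args]) for each non-blank, non-comment line."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name.lower(), args

def listen_ports(conf):
    """Ports named by Listen directives of the form [addr:]port [protocol]."""
    return {int(args[0].rsplit(":", 1)[-1])
            for name, args in directives(conf) if name == "listen" and args}

def enabled_protocols(conf):
    """Evaluate SSLProtocol tokens left to right; a later directive overrides."""
    enabled = set(KNOWN.values())          # mod_ssl default is "all"
    for name, args in directives(conf):
        if name != "sslprotocol":
            continue
        enabled = set()
        for tok in args:
            sign, word = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
            chosen = set(KNOWN.values()) if word.lower() == "all" else {KNOWN[word.lower()]}
            if sign == "-":
                enabled -= chosen
            elif sign == "+":
                enabled |= chosen
            else:                          # bare word replaces the set so far
                enabled = chosen
    return enabled

def sslv2_status(conf, port):
    """'not-served' means editing this file cannot change behaviour on that port."""
    if port not in listen_ports(conf):
        return "not-served"
    return "enabled" if "SSLv2" in enabled_protocols(conf) else "disabled"
```

For the sample, port 443 reports SSLv2 disabled while port 636 reports not-served, so the protocol setting for 636 has to be changed in whichever daemon owns that port.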