Disabling sslv2 on linux for port 636.
Nigel Wade
nmw at ion.le.ac.uk
Tue Jun 2 14:34:39 UTC 2009
Rohit khaladkar wrote:
> Hi All,I want to disable ssl2 on a linux server for Port 636. Here is the
> procedure that I followed :
>
> 1)Edit ssl.conf and added following entries in it .
>
> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
> SSLProtocol -All +SSLv3 +TLSv1
>
> 2)Restarted Apache service.
>
> 3)Restarted network.
>
> I checked if ssl2 is disabled using the following command :
>
> openssl s_client -connect hostname:636 -ssl2
>
> where hostname= server name
>
> But it still shows me the certificate. I even tried rebooting the machine ,
> but no luck.
>
> Am I missing anything here?.
>
Port 636 is normally the ldaps port, ie. SSL encrypted LDAP. Are you really listening on
that port with Apache? Which ssl.conf did you edit, a full path would be rather more
specific than just a filename?
Maybe you want to replace 636 with 443 (https) as the openssl request port.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
More information about the redhat-list
mailing list