Disabling sslv2 on linux for port 636.

Nigel Wade nmw at ion.le.ac.uk
Tue Jun 2 14:34:39 UTC 2009


Rohit khaladkar wrote:
> Hi All, I want to disable ssl2 on a linux server for Port 636. Here is the
> procedure that I followed :
> 
> 1) Edited ssl.conf and added the following entries in it.
> 
> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
> SSLProtocol -All +SSLv3 +TLSv1
> 
> 2) Restarted Apache service.
> 
> 3) Restarted network.
> 
> I checked if ssl2 is disabled using the following command:
> 
> openssl s_client -connect hostname:636 -ssl2
> 
> where hostname= server name
> 
> But it still shows me the certificate. I even tried rebooting the machine,
> but no luck.
> 
> Am I missing anything here?
> 

Port 636 is normally the ldaps port, i.e. SSL encrypted LDAP. Are you really listening on
that port with Apache? Which ssl.conf did you edit? A full path would be rather more
specific than just a filename.

Maybe you want to replace 636 with 443 (https) as the openssl request port.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
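
One way to answer the question raised in the reply above (is Apache really the daemon listening on port 636?) before editing any ssl.conf. This is an added example, not part of the original thread. The function names, the sample listing and the process names in it (httpd, slapd) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ss -tlnp` output on stdin and
# prints the name of each process listening on the given TCP port.
listener_for_port() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port, e.g. 0.0.0.0:636 or [::]:636
            n = split($4, part, ":")
            if (part[n] != port) next
            # Process column looks like users:(("slapd",pid=1874,fd=9))
            if (match($0, /users:\(\("[^"]+"/)) {
                name = substr($0, RSTART + 9, RLENGTH - 10)
                if (!(name in seen)) { seen[name] = 1; print name }
            }
        }'
}

# Does the Apache ssl.conf govern a port owned by this process?
apache_conf_applies() {
    case "$1" in
        httpd|apache2) echo yes ;;
        *)             echo no ;;
    esac
}

# Constructed sample; process names and PIDs are assumptions
SAMPLE_SS='LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("httpd",pid=2101,fd=4),("httpd",pid=2100,fd=4))
LISTEN 0 128 0.0.0.0:636 0.0.0.0:* users:(("slapd",pid=1874,fd=9))
LISTEN 0 128 [::]:636 [::]:* users:(("slapd",pid=1874,fd=10))'

for p in 443 636; do
    owner=$(printf '%s\n' "$SAMPLE_SS" | listener_for_port "$p")
    echo "port $p: owner=${owner:-none} apache_ssl_conf_applies=$(apache_conf_applies "$owner")"
done
```

On a live host, run `ss -tlnp | listener_for_port 636` as root so the process column is populated.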
