Disabling sslv2 on linux for port 636.
Marti, Rob
RJM002 at shsu.edu
Tue Jun 2 15:21:26 UTC 2009
Right. So its not apache listening on that port. Changing apache files will do nothing.
Rob Marti
-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rohit khaladkar
Sent: Tuesday, June 02, 2009 10:12 AM
To: General Red Hat Linux discussion list
Subject: Re: Disabling sslv2 on linux for port 636.
Here they are :
[root at puiqtk01 conf]# lsof -i :636
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
slapd 3498 ldap 9u IPv6 11266 TCP *:ldaps (LISTEN)
slapd 3498 ldap 10u IPv4 11267 TCP *:ldaps (LISTEN)
Thanks!
Rohit Khaladkar
On Tue, Jun 2, 2009 at 8:32 PM, Harry Hoffman <hhoffman at ip-solutions.net>wrote:
> Can you run (as root)
>
> lsof -i :636
>
> and paste the results?
>
> Cheers,
> Harry
>
>
> Rohit khaladkar wrote:
>
>> Thanks Nigel.
>> I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf file.
>>
>>
>>
>>
>>
>>
>> On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw at ion.le.ac.uk> wrote:
>>
>> Rohit khaladkar wrote:
>>>
>>> Hi All,I want to disable ssl2 on a linux server for Port 636. Here is
>>>> the
>>>> procedure that I followed :
>>>>
>>>> 1)Edit ssl.conf and added following entries in it .
>>>>
>>>> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
>>>> SSLProtocol -All +SSLv3 +TLSv1
>>>>
>>>> 2)Restarted Apache service.
>>>>
>>>> 3)Restarted network.
>>>>
>>>> I checked if ssl2 is disabled using the following command :
>>>>
>>>> openssl s_client -connect hostname:636 -ssl2
>>>>
>>>> where hostname= server name
>>>>
>>>> But it still shows me the certificate. I even tried rebooting the
>>>> machine
>>>> ,
>>>> but no luck.
>>>>
>>>> Am I missing anything here?.
>>>>
>>>>
>>>> Port 636 is normally the ldaps port, ie. SSL encrypted LDAP. Are you
>>> really
>>> listening on that port with Apache? Which ssl.conf did you edit, a full
>>> path
>>> would be rather more specific than just a filename?
>>>
>>> Maybe you want to replace 636 with 443 (https) as the openssl request
>>> port.
>>>
>>> --
>>> Nigel Wade, System Administrator, Space Plasma Physics Group,
>>> University of Leicester, Leicester, LE1 7RH, UK
>>> E-mail : nmw at ion.le.ac.uk
>>> Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555
>>>
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>>
>>
>>
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
Thanks!
Rohit Khaladkar
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list