Disabling sslv2 on linux for port 636.

Marti, Rob RJM002 at shsu.edu
Tue Jun 2 15:21:26 UTC 2009


Right.  So it's not Apache listening on that port.  Changing Apache files will do nothing.

Rob Marti

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rohit khaladkar
Sent: Tuesday, June 02, 2009 10:12 AM
To: General Red Hat Linux discussion list
Subject: Re: Disabling sslv2 on linux for port 636.

Here they are :
[root at puiqtk01 conf]# lsof -i :636
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
slapd   3498 ldap    9u  IPv6  11266       TCP *:ldaps (LISTEN)
slapd   3498 ldap   10u  IPv4  11267       TCP *:ldaps (LISTEN)


Thanks!
Rohit Khaladkar

On Tue, Jun 2, 2009 at 8:32 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:

> Can you run (as root)
>
> lsof -i :636
>
> and paste the results?
>
> Cheers,
> Harry
>
>
> Rohit khaladkar wrote:
>
>> Thanks Nigel.
>> I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf   file.
>>
>>
>>
>>
>>
>>
>> On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw at ion.le.ac.uk> wrote:
>>
>>  Rohit khaladkar wrote:
>>>
>>>> Hi All, I want to disable ssl2 on a linux server for Port 636. Here is
>>>> the procedure that I followed:
>>>>
>>>> 1) Edited ssl.conf and added the following entries in it.
>>>>
>>>> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
>>>> SSLProtocol -All +SSLv3 +TLSv1
>>>>
>>>> 2)Restarted Apache service.
>>>>
>>>> 3)Restarted network.
>>>>
>>>> I checked if ssl2 is disabled using the following command :
>>>>
>>>> openssl s_client -connect hostname:636 -ssl2
>>>>
>>>> where hostname= server name
>>>>
>>>> But it still shows me the certificate. I even tried rebooting the
>>>> machine, but no luck.
>>>>
>>>> Am I missing anything here?
>>>>
>>>>
>>> Port 636 is normally the ldaps port, i.e. SSL encrypted LDAP. Are you
>>> really listening on that port with Apache? Which ssl.conf did you edit?
>>> A full path would be rather more specific than just a filename.
>>>
>>> Maybe you want to replace 636 with 443 (https) as the openssl request
>>> port.
>>>
>>> --
>>> Nigel Wade, System Administrator, Space Plasma Physics Group,
>>>           University of Leicester, Leicester, LE1 7RH, UK
>>> E-mail :    nmw at ion.le.ac.uk
>>> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
>>>
>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>>>
>>
>>
>>



-- 
Thanks!
Rohit Khaladkar
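
The check this thread turns on, as an added example that is not part of the original messages: before editing a TLS configuration, confirm from `lsof` output which daemon actually owns the listening socket. The function names `listeners` and `owns_port` are hypothetical, `httpd` as Apache's process name is an assumption, and the sample input is the `lsof` output quoted in the thread.

```shell
#!/bin/sh
# Sample input: the lsof output posted in the thread for port 636.
LSOF_SAMPLE='COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
slapd   3498 ldap    9u  IPv6  11266       TCP *:ldaps (LISTEN)
slapd   3498 ldap   10u  IPv4  11267       TCP *:ldaps (LISTEN)'

# listeners: read `lsof -i :PORT` output on stdin and print one
# "COMMAND PID" line per process holding a socket in LISTEN state.
# The header row is skipped; IPv4/IPv6 duplicates are collapsed.
listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" { print $1, $2 }' | sort -u
}

# owns_port EXPECTED: read lsof output on stdin.
#   returns 0 if every listener is the EXPECTED command,
#   returns 1 if some other daemon holds the port (editing EXPECTED's
#             TLS config cannot change what a client negotiates there),
#   returns 2 if nothing is listening at all.
owns_port() {
    expected=$1
    found=$(listeners)
    [ -n "$found" ] || return 2
    printf '%s\n' "$found" |
        awk -v e="$expected" '$1 != e { bad = 1 } END { exit bad + 0 }'
}

# Live use on a host (as root), before touching Apache's ssl.conf:
#   lsof -i :636 | owns_port httpd || echo "port 636 is not served by httpd"
```

Run against the sample, `listeners` reports only `slapd 3498`, so the SSLv2 setting that matters for port 636 belongs to the LDAP server's configuration, not Apache's.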