Disabling sslv2 on linux for port 636.

Rohit khaladkar rohit.khaladkar at gmail.com
Tue Jun 2 15:32:41 UTC 2009


We need to use the LDAP service for Logins, so the daemon has to stay there
running.
It's just that sslv2 has to be disabled on port 636.

Appreciate all the help!

Thanks!
Rohit Khaladkar

On Tue, Jun 2, 2009 at 8:59 PM, mark <m.roth2006 at rcn.com> wrote:

> Rohit khaladkar wrote:
> > Here they are :
> > [root at puiqtk01 conf]# lsof -i :636
> > COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
> > slapd   3498 ldap    9u  IPv6  11266       TCP *:ldaps (LISTEN)
> > slapd   3498 ldap   10u  IPv4  11267       TCP *:ldaps (LISTEN)
> >
> Showing this has nothing at all to do with apache.
>
> Is this server an LDAP server, as well? Do you use it as one, or is it
> required
> for logins? If none of the above is true, then you need to shut down the
> LDAP
> daemon.
>
>        mark
> >
> > Thanks!
> > Rohit Khaladkar
> >
> > On Tue, Jun 2, 2009 at 8:32 PM, Harry Hoffman <hhoffman at ip-solutions.net
> >wrote:
> >
> >> Can you run (as root)
> >>
> >> lsof -i :636
> >>
> >> and paste the results?
> >>
> >> Cheers,
> >> Harry
> >>
> >>
> >> Rohit khaladkar wrote:
> >>
> >>> Thanks Nigel.
> >>> I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf   file.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw at ion.le.ac.uk> wrote:
> >>>
> >>>  Rohit khaladkar wrote:
> >>>>  Hi All,I want to disable ssl2 on a linux server for Port 636. Here is
> >>>>> the
> >>>>> procedure that I followed :
> >>>>>
> >>>>> 1)Edit ssl.conf and added following entries in it .
> >>>>>
> >>>>> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
> >>>>> SSLProtocol -All +SSLv3 +TLSv1
> >>>>>
> >>>>> 2)Restarted Apache service.
> >>>>>
> >>>>> 3)Restarted network.
> >>>>>
> >>>>> I checked if ssl2 is disabled using the following command :
> >>>>>
> >>>>> openssl s_client -connect hostname:636 -ssl2
> >>>>>
> >>>>> where hostname= server name
> >>>>>
> >>>>> But it still shows me the certificate. I even tried rebooting the
> >>>>> machine
> >>>>> ,
> >>>>> but no luck.
> >>>>>
> >>>>> Am I missing anything here?.
> >>>>>
> >>>>>
> >>>>>  Port 636 is normally the ldaps port, ie. SSL encrypted LDAP. Are you
> >>>> really
> >>>> listening on that port with Apache? Which ssl.conf did you edit, a
> full
> >>>> path
> >>>> would be rather more specific than just a filename?
> >>>>
> >>>> Maybe you want to replace 636 with 443 (https) as the openssl request
> >>>> port.
> >>>>
> >>>> --
> >>>> Nigel Wade, System Administrator, Space Plasma Physics Group,
> >>>>           University of Leicester, Leicester, LE1 7RH, UK
> >>>> E-mail :    nmw at ion.le.ac.uk
> >>>> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
> >>>>
> >>>>
> >>>> --
> >>>> redhat-list mailing list
> >>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >>>> https://www.redhat.com/mailman/listinfo/redhat-list
> >>>>
> >>>>
> >>>
> >>>
> >> --
> >> redhat-list mailing list
> >> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >
> >
> >
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



-- 
Thanks!
Rohit Khaladkar



More information about the redhat-list mailing list