Disabling sslv2 on linux for port 636.

Harry Hoffman hhoffman at ip-solutions.net
Tue Jun 2 16:55:31 UTC 2009


Yep, I believe slapd.conf accepts the same CipherSuite definition... you 
might want to just:

man slapd.conf

Cheers,
Harry



Rohit khaladkar wrote:
> So adding the following in slapd.conf should do the trick right..?
> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
> 
> Thanks!
> Rohit Khaladkar
> 
> On Tue, Jun 2, 2009 at 8:51 PM, Marti, Rob <RJM002 at shsu.edu> wrote:
> 
>> Right.  So it's not Apache listening on that port.  Changing Apache files
>> will do nothing.
>>
>> Rob Marti
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Rohit khaladkar
>> Sent: Tuesday, June 02, 2009 10:12 AM
>> To: General Red Hat Linux discussion list
>> Subject: Re: Disabling sslv2 on linux for port 636.
>>
>> Here they are :
>> [root at puiqtk01 conf]# lsof -i :636
>> COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
>> slapd   3498 ldap    9u  IPv6  11266       TCP *:ldaps (LISTEN)
>> slapd   3498 ldap   10u  IPv4  11267       TCP *:ldaps (LISTEN)
>>
>>
>> Thanks!
>> Rohit Khaladkar
>>
>> On Tue, Jun 2, 2009 at 8:32 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
>>> Can you run (as root)
>>>
>>> lsof -i :636
>>>
>>> and paste the results?
>>>
>>> Cheers,
>>> Harry
>>>
>>>
>>> Rohit khaladkar wrote:
>>>
>>>> Thanks Nigel.
>>>> I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf   file.
>>>>
>>>> On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw at ion.le.ac.uk> wrote:
>>>>
>>>>> Rohit khaladkar wrote:
>>>>>> Hi All, I want to disable ssl2 on a linux server for Port 636. Here is the
>>>>>> procedure that I followed:
>>>>>>
>>>>>> 1) Edited ssl.conf and added the following entries in it.
>>>>>>
>>>>>> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
>>>>>> SSLProtocol -All +SSLv3 +TLSv1
>>>>>>
>>>>>> 2) Restarted Apache service.
>>>>>>
>>>>>> 3) Restarted network.
>>>>>>
>>>>>> I checked if ssl2 is disabled using the following command :
>>>>>>
>>>>>> openssl s_client -connect hostname:636 -ssl2
>>>>>>
>>>>>> where hostname= server name
>>>>>>
>>>>>> But it still shows me the certificate. I even tried rebooting the machine,
>>>>>> but no luck.
>>>>>>
>>>>>> Am I missing anything here?
>>>>>>
>>>>>
>>>>> Port 636 is normally the ldaps port, i.e. SSL encrypted LDAP. Are you really
>>>>> listening on that port with Apache? Which ssl.conf did you edit, a full path
>>>>> would be rather more specific than just a filename?
>>>>>
>>>>> Maybe you want to replace 636 with 443 (https) as the openssl request port.
>>>>> --
>>>>> Nigel Wade, System Administrator, Space Plasma Physics Group,
>>>>>           University of Leicester, Leicester, LE1 7RH, UK
>>>>> E-mail :    nmw at ion.le.ac.uk
>>>>> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
>>>>>
>>>>>
>>>>> --
>>>>> redhat-list mailing list
>>>>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>>
>>>>>
>>>>
>>>>
>>
>>
>> --
>> Thanks!
>> Rohit Khaladkar
>>
> 
> 
> 
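A configuration check for the situation in this thread, as an added example that is not part of the original messages: slapd.conf(5) names its cipher directive `TLSCipherSuite`, while `SSLCipherSuite` and `SSLProtocol` are Apache mod_ssl directive names; the cipher string itself uses the same OpenSSL syntax in both. The function name, verdict strings and sample config lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint a slapd.conf for the cipher
# restriction discussed above. Verdict names are made up for this example.
# Returns 0 only if a TLSCipherSuite line with an explicit !SSLv2 token is
# present and no mod_ssl directive names appear in the file.
check_slapd_tls() {
    conf=$1
    rc=0
    # SSLCipherSuite / SSLProtocol are Apache mod_ssl names, not slapd.conf(5) ones.
    if grep -Eiq '^[[:space:]]*SSL(CipherSuite|Protocol)[[:space:]]' "$conf"; then
        echo "MODSSL_DIRECTIVE"
        rc=1
    fi
    # Take the last uncommented TLSCipherSuite line (keyword matched case-insensitively).
    suite=$(awk 'tolower($1) == "tlsciphersuite" { s = $2 } END { print s }' "$conf")
    if [ -z "$suite" ]; then
        echo "NO_TLSCIPHERSUITE"
        rc=1
    else
        # Only an explicit !SSLv2 element counts; other spellings are not evaluated.
        case ":$suite:" in
            *':!SSLv2:'*) echo "SSLV2_EXCLUDED" ;;
            *)            echo "SSLV2_NOT_EXCLUDED"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed sample files: the directive as proposed in the thread, and the
# same cipher string under slapd's own directive name.
demo_dir=$(mktemp -d)
printf '%s\n' 'SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL' > "$demo_dir/wrong.conf"
printf '%s\n' 'TLSCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL' > "$demo_dir/right.conf"
for f in wrong right; do
    echo "$f.conf: $(check_slapd_tls "$demo_dir/$f.conf" | tr '\n' ' ')"
done
rm -rf "$demo_dir"
```

After the directive is corrected and slapd restarted, the `openssl s_client -connect hostname:636 -ssl2` probe from the original post remains the end-to-end check.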



