Thread: How to disable SSLv2 in Apache?
View Single Post
  #1  
Old 15th October 2009, 09:19
cooljai cooljai is offline
Member
  
Join Date: May 2007
Location: /dev/random
Posts: 31
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via Yahoo to cooljai
Question How to disable SSLv2 in Apache?
Hi,

I want to disable SSLv2 and enable SSLv3 in apache on my CentOS 5.2 box (httpd 2.2.3), for that, I've added following lines in my /etc/httpd/conf.d/ssl.conf:
Code:

Code:
SSLProtocol -All +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
and restarted httpd.

but it still not disabled, I'm able to connect SSLv2 and getting error for SSL v3:

Code:
# openssl s_client -connect localhost:443 -ssl2
CONNECTED(00000003)

# openssl s_client -connect localhost:443 -ssl3
CONNECTED(00000003)
8021:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
Any help will be appreciated.
__________________
Jagbir
Registered Linux User #468658.
Reply With Quote
Sponsored Links