How to disable SSLv2 in Apache?

Discussion in 'Server Operation' started by cooljai, Oct 15, 2009.

  1. cooljai

    cooljai New Member

    Hi,

    I want to disable SSLv2 and enable SSLv3 in apache on my CentOS 5.2 box (httpd 2.2.3), for that, I've added following lines in my /etc/httpd/conf.d/ssl.conf:
    Code:

    Code:
    SSLProtocol -All +SSLv3 +TLSv1
    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    and restarted httpd.

    but it still not disabled, I'm able to connect SSLv2 and getting error for SSL v3:

    Code:
    # openssl s_client -connect localhost:443 -ssl2
    CONNECTED(00000003)
    
    # openssl s_client -connect localhost:443 -ssl3
    CONNECTED(00000003)
    8021:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:284:
    
    Any help will be appreciated.
     
: httpd, ssl

Share This Page