The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Despite contary to configuration, Apache/SSL still responds to SSLv2 requests

Discussion in 'EasyApache' started by movielad, Sep 10, 2009.

  1. movielad

    movielad Well-Known Member
    PartnerNOC

    Joined:
    May 14, 2003
    Messages:
    107
    Likes Received:
    2
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    Hi,

    I have a client who have been using their main shared IP with an SSL certificate. This has generally worked okay. But they now need to ensure that Apache/SSL does NOT respond to SSlv2 and other less than secure protocols and despite the list of ciphers in the Apache Configuration -> General configuration stating that -SSLv2 is set, when querying the server from an external server using:

    openssl s_client -connect domain.com:443 -ssl2

    I get the certificate and a response that indicates that it is still responding to SSLv2. Trying to rebuild the Apache config results in the duplicate user problem. I have since moved the site to it's own dedicated IP, fixed the duplicate user/nobody issue and have tried pushing through the Apache configuration again, but no joy. SSLv2 is still responding.

    Any ideas why, and how best to fix this?

    Many thanks in advance,

    Martyn
     
  2. MattCurry

    MattCurry Well-Known Member

    Joined:
    Aug 18, 2009
    Messages:
    275
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Houston, Tx
    SSLv2

    Hello,

    I do see how that could be an issue, I have run across an article that might help you achieve your goal. Here is the URL: Disabling SSLv2 - ServerBeach Forums
    Please let me know if you have any other questions.

    Thank you,
    Matthew Curry
     

Share This Page