The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

disable SSL 2.0 and use SSL 3.0

Discussion in 'Security' started by dvolsysop, Jan 8, 2010.

  1. dvolsysop

    dvolsysop Registered

    Joined:
    Nov 4, 2005
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    On a PCI compliance scan...

    The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients. See also : http://www.schneier.com/paper-ssl.pdf Solution: Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Risk Factor: Medium / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

    How does one go about disabling SSL 2.0 and using SSL 3.0?
    If this is done will any other services be affected?

    Thanks!
     
  2. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    To enable SSL 3.0

    To enable SSL 3.0, you will have to manually edit apache configuration file /usr/local/apache/conf/httpd.conf and edit following code:

    <IfDefine SSL>
    </IfDefine>
     
Loading...

Share This Page