Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

patch "SSL Protocol Version 2 Detection"

Discussion in 'General Discussion' started by jusfeel, Jul 24, 2008.

  1. jusfeel

    jusfeel Registered

    Joined:
    Mar 2, 2008
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Beijing
    Hi,

    We need some help to secure our server. I don't know how to patch this via Cpanel. Here is what the vulnerablity description and recommended solution I got. Does anyone know something?
    -----
    The remote service appears to encrypt traffic using SSL protocol version 2.

    Netscape Communications Corporation introduced SSL 2.0 with the launch of Netscape Navigator 1.0 in 1994 and it contains several well-known weaknesses. For example, SSLv2 doesn't provide any protection against man-in-the-middle attacks during the handshake, and uses the same cryptographic keys for message authentication and for encryption.

    In Internet Explorer 7, the default HTTPS protocol settings are changed to disable the weaker SSLv2 protocol and to enable the stronger TLSv1 protocol. By default, IE7 users will only negotiate HTTPS connections using SSLv3 or TLSv1. Mozilla Firefox is expected to drop support for SSLv2 in its upcoming versions.

    As almost all modern browsers support SSLv3, disabling support for the weaker SSL method should have minimal impact. The following browsers support SSLv3:
      Internet Explorer 5.5 or higher (PC)
      Internet Explorer 5.0 or higher (Mac)
      Netscape 2.0 (Domestic) or higher (PC/Mac)
      Firefox 0.8 or higher (PC/Mac/Linux)
      Mozilla 1.7 or higher (PC/Mac/Linux)
      Camino 0.8 or higher (Mac)
      Safari 1.0 or higher (Mac)
      Opera 1.7 or higher (PC/Mac)
      Omniweb 3.0 or higher (Mac)
      Konqueror 2.0 or higher (Linux)

    General Solution
    Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead. Consult your documentation to identify how to reconfigure the affected application to avoid use of weak ciphers. Some knowledge base articles are listed below.

    Apache Implementation:
    In Apache, you need to modify the SSLCipherSuite directive in the httpd.conf or ssl.conf file. An example would be editing the following lines to something like:
    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

    More information can be read by clicking the Apache sslciphersuite directive information link below.


    James
     
    #1 jusfeel, Jul 24, 2008
(You must log in or sign up to post here.)
Loading...
Similar Threads - patch Protocol Version
  1. rpvw

    Pending Publication [CPANEL-25973] Security Advisor does not recognize KernelCare patch on CloudLinux

    rpvw, Mar 18, 2019, in forum: CloudLinux
    Replies:
    1
    Views:
    429
    cPanelMichael
    Mar 18, 2019
  2. Samet Chan

    SOLVED [CPANEL-22957] kcarectl reporting unknown patch type

    Samet Chan, Dec 3, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    463
    cPAusaf
    Dec 5, 2018
  3. Nirjonadda

    Removed open_basedir patch from EasyApache 4 systems

    Nirjonadda, Oct 19, 2018, in forum: EasyApache
    Replies:
    3
    Views:
    407
    cPanelLauren
    Oct 23, 2018
  4. CanadaGuy

    KernelCare Patch Unknown Kernel Alerts

    CanadaGuy, Oct 9, 2018, in forum: Security
    Replies:
    8
    Views:
    474
    cPanelLauren
    Oct 12, 2018
  5. CanSpace

    Adding KernelCare patch via command line

    CanSpace, Sep 25, 2018, in forum: Security
    Replies:
    9
    Views:
    285
    cPanelLauren
    Sep 26, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice