Disabling sslv2 on linux for port 636.

Harry Hoffman hhoffman at ip-solutions.net
Tue Jun 2 15:02:36 UTC 2009


Can you run (as root)

lsof -i :636

and paste the results?

Cheers,
Harry

Rohit khaladkar wrote:
> Thanks Nigel.
> I am editing the /opt/ABC/CCR/Apache2/conf/ssl.conf file.
> 
> On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw at ion.le.ac.uk> wrote:
> 
>> Rohit khaladkar wrote:
>>
>>> Hi All, I want to disable ssl2 on a linux server for Port 636. Here is the
>>> procedure that I followed:
>>>
>>> 1) Edited ssl.conf and added the following entries to it.
>>>
>>> SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
>>> SSLProtocol -All +SSLv3 +TLSv1
>>>
>>> 2) Restarted Apache service.
>>>
>>> 3) Restarted network.
>>>
>>> I checked if ssl2 is disabled using the following command :
>>>
>>> openssl s_client -connect hostname:636 -ssl2
>>>
>>> where hostname= server name
>>>
>>> But it still shows me the certificate. I even tried rebooting the machine,
>>> but no luck.
>>>
>>> Am I missing anything here?
>>>
>>>
>> Port 636 is normally the ldaps port, i.e. SSL encrypted LDAP. Are you really
>> listening on that port with Apache? Which ssl.conf did you edit? A full path
>> would be rather more specific than just a filename.
>>
>> Maybe you want to replace 636 with 443 (https) as the openssl request port.
>>
>> --
>> Nigel Wade, System Administrator, Space Plasma Physics Group,
>>            University of Leicester, Leicester, LE1 7RH, UK
>> E-mail :    nmw at ion.le.ac.uk
>> Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
> 
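
The check requested at the top of this message, as an added example that is not part of the original thread: a shell sketch that reads `lsof` output and reports whether the process holding the listening socket on a port is the one whose configuration was edited. The sample output, including the `slapd` listener, the PIDs and the function names, is constructed for illustration and does not come from the poster's server.

```shell
#!/bin/sh
# Constructed sample of `lsof -nP -iTCP:636 -sTCP:LISTEN` style output
# (hypothetical; the thread does not show the real listener).
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
slapd   2143 ldap    8u  IPv4  11873      0t0  TCP *:636 (LISTEN)
slapd   2143 ldap    9u  IPv6  11874      0t0  TCP *:636 (LISTEN)
httpd   3021 root    4u  IPv6  12990      0t0  TCP *:443 (LISTEN)'

# Print the unique command names holding a LISTEN socket on port $1.
# Reads lsof output on stdin; expects numeric ports (lsof -P).
listener_commands() {
    awk -v port="$1" '
        NR == 1 { next }                    # skip the header row
        $NF == "(LISTEN)" {
            n = split($(NF-1), a, ":")      # NAME is addr:port; port is last
            if (a[n] == port && !seen[$1]++) print $1
        }'
}

# Return 0 if command $1 listens on port $2, 1 if a different process
# owns the port, 2 if nothing is listening there.
check_listener() {
    expected=$1
    port=$2
    found=$(listener_commands "$port")
    if [ -z "$found" ]; then
        echo "nothing is listening on port $port"
        return 2
    fi
    for cmd in $found; do
        if [ "$cmd" = "$expected" ]; then
            echo "$expected owns port $port"
            return 0
        fi
    done
    echo "port $port is served by: $found (not $expected);" \
         "editing the $expected config will not change its protocols"
    return 1
}

# Live use (as root): lsof -nP -iTCP:636 -sTCP:LISTEN | check_listener httpd 636
printf '%s\n' "$SAMPLE_LSOF" | check_listener httpd 636 || true
```

A return code of 1 means the protocol settings have to be changed in the configuration of the process named in the output, not in Apache's ssl.conf.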



