Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
477 views

disable ssl2 in apache2

Running an oes2sp3 server on sles10sp4. We had a penetration test run,
and one thing was suggested to fix.

Wondering how one would disable ssl2 in apache2 on this box. I haven't
been able to find much on this, most of what I find is for straight
sles, cent os, etc.

Suggestions?

--
Stevo
Labels (2)
0 Likes
2 Replies
Absent Member.
Absent Member.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The steps for Apache on Linux should be pretty consistent across
distros; the conf files are in /etc/apache2 and look for files with
'ssl' in the name. Disabling ciphers is pretty straight-forward as I
recall.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQT24HAAoJEF+XTK08PnB51QcP/30YbPsshXnkJtE/MhiQebqT
nd/EIqWtkgSrYv6yAcIpGTowKD/RNHL1KCdAaSlmCbB3sPaAOCFJrZVgUHam2eHE
5HPBnRH6VeAf/Qryu0faJ+kMNrFkWdtCR9TluSL19BuwaC0Kk06RCziIpMt6NJcB
uxHSecm1Zf7BT+9pNYxwi8DJ5ypO3Q8Zzr6S4aDDOoPQwWvgWMEqoAVRaJ4nVKgf
78Vh+MJaaNwNhhGxBVpcqhB6zYdSpCVzusB03TLDv3nk7yov8pDaXYfEbCuFRaLi
w27bIr+ZG8BBEex1UMF8Wft3+4DhksFyX585akZiuPM0V+15Leg0r7Uu4XlHfDT8
z5qPQoIZXC20cPBiLwiuT5xTAOL04VSIUiw85JmAlLj3HUZ2Obf+vlyrn81q2x6E
fZzGakTEPP1irTiS7GZkHB3FcRjzUs7uAqQGsKg6ahE2JneCeRakUSZ5Gg6hoIzZ
Z+MXwihThd6fcPC4THKBVgWqiinrrmzqFwctj+Rp1blxeYe7gnzq41uutoDsk9Vh
BbVnTv5iUyB8tIbaqKPuPl9DSI4odQ05iVl4EWCi+ARt74eqD20iJe647dfk9xst
Pbu8Gr4epmgEXt9+6OMD//veqgJytgDFj7QPy21Yoxmhv5IUuVJV73pw37MWI6Iz
tPZC/rD/Z/hGl0+x39kL
=nNes
-----END PGP SIGNATURE-----
0 Likes
Absent Member.
Absent Member.

ab sounds like they 'said':

> The steps for Apache on Linux should be pretty consistent across
> distros; the conf files are in /etc/apache2 and look for files with
> 'ssl' in the name. Disabling ciphers is pretty straight-forward as I
> recall.


So my response to ab's comment is...

I found a doc finally that walked me through it. I believe I have ssl2
disabled, now to see about the 'Weak' Ciphers.

--
Stevo
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.