The remote service supports the use of weak SSL ciphers.

In /etc/apache2/vhosts.d/vhost-ssl.conf, find the following line:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Change it to:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:+eNULL

The "!" prefix removes the named ciphers from the list permanently, so a later entry in the string cannot add them back.

Change +LOW to !LOW to prevent all low strength ciphers.
Change +SSLv2 to !SSLv2 to prevent all SSL version 2.0 ciphers.
Change +EXP to !EXP to prevent all export ciphers.

Deprecated SSL Protocol Usage

Add the following to /etc/apache2/vhosts.d/vhost-ssl.conf:

SSLProtocol -All +SSLv3 +TLSv1

-All removes all SSL protocols
+SSLv3 adds SSL version 3
+TLSv1 adds TLS version 1

Restart Apache (rcapache2 restart) and rescan.
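
Before restarting, the edited file can be checked offline. The script below is an added example, not part of the original post: it applies a simplified model of the OpenSSL cipher-list and SSLProtocol token rules to the two directives discussed above. The function names and the BEFORE/AFTER samples are made up for illustration.

```python
import re

WEAK_CLASSES = ("LOW", "SSLv2", "EXP")       # the three classes the page disables
ALL_PROTOCOLS = {"sslv2", "sslv3", "tlsv1"}  # assumption: what "All" covered in mod_ssl then

def weak_ciphers_enabled(cipher_string):
    """Return weak classes still allowed. "+X" tokens only reorder, so they are ignored."""
    active, killed = set(), set()
    for token in filter(None, cipher_string.strip('"').split(":")):
        if token.startswith("!"):    # permanent removal, cannot be re-added later
            killed.add(token[1:])
        elif token.startswith("-"):  # removal that a later bare token may undo
            active.discard(token[1:])
        elif token == "ALL":         # ALL pulls in every weak class
            active.update(WEAK_CLASSES)
        elif token in WEAK_CLASSES:  # bare class name adds that class
            active.add(token)
    return [c for c in WEAK_CLASSES if c in active and c not in killed]

def sslv2_protocol_enabled(protocol_args):
    """Apply SSLProtocol tokens left to right; a bare name replaces the current set."""
    enabled = set()
    for token in protocol_args.strip('"').split():
        name = token.lstrip("+-").lower()
        names = ALL_PROTOCOLS if name == "all" else {name}
        enabled = {"+": enabled | names, "-": enabled - names}.get(token[0], set(names))
    return "sslv2" in enabled

def audit_vhost(conf_text):
    """Return a list of findings for the SSLCipherSuite / SSLProtocol lines."""
    findings, saw_protocol = [], False
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SSLCipherSuite|SSLProtocol)\s+(.+?)\s*$", line, re.I)
        if m and m.group(1).lower() == "sslciphersuite":
            findings += ["weak cipher class allowed: " + c
                         for c in weak_ciphers_enabled(m.group(2))]
        elif m:
            saw_protocol = True
            if sslv2_protocol_enabled(m.group(2)):
                findings.append("SSLv2 protocol enabled")
    if not saw_protocol:
        findings.append("no SSLProtocol directive found")
    return findings

# Constructed sample input: the page's "before" and "after" directives.
BEFORE = "SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\n"
AFTER = ("SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:+eNULL\n"
         "SSLProtocol -All +SSLv3 +TLSv1\n")
```

Calling audit_vhost on the contents of vhost-ssl.conf returns an empty list once both changes are in place; the rescan is still what confirms what the running server negotiates.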

Category: SUSE Linux Enterprise Server, Technical Solutions
This entry was posted Friday, 7 November, 2008 at 12:23 pm