To disable the SSL2.0 protocol and forcing 3.0

For apache 1.3, find the line:

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

and change it to:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL

Note the 2 changes: a) remove the # character at the beginning of the line, and b) change +SSLv2 to !SSLv2

For apache 2.x, do the same thing, but instead it will be in the /etc/httpd/conf/ssl.conf file, or for the new apache system, /etc/httpd/conf/extra/httpd-ssl.conf (if you have both files, just change it in both).

Source : http://directadmin.com/

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.