Hello List! I have a client that is using openssl version 0.9.7a Feb 19 2003. Recently, he ran a security audit on his machine, and the report came back stating the following:

Vulnerability -- imaps (993/tcp) - 21643
Synopsis : The remote service supports the use of weak SSL ciphers

Vulnerability -- pop3s (995/tcp) - 21643
Synopsis : The remote service supports the use of weak SSL ciphers

The ciphers that he is using are these:

SSL_RSA_WITH_RC4_128_MD5\
,SSL_RSA_WITH_RC4_128_SHA\
,TLS_RSA_WITH_AES_128_CBC_SHA\
,TLS_DHE_RSA_WITH_AES_128_CBC_SHA\
,TLS_DHE_DSS_WITH_AES_128_CBC_SHA\
,SSL_RSA_WITH_3DES_EDE_CBC_SHA\
,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA\
,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA\
,SSL_RSA_WITH_DES_CBC_SHA\
,SSL_DHE_RSA_WITH_DES_CBC_SHA\
,SSL_DHE_DSS_WITH_DES_CBC_SHA\
,SSL_RSA_EXPORT_WITH_RC4_40_MD5\
,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA\
,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA\
,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

Questions

1) I believe these are sslv3 ciphers, but is there a way to verify the above string is sslv3 compliant?
2) Is there a way to *turn off* sslv2 in openssl?

My best to you all,
king0770

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
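
Added example, not part of the original post and not OpenSSL code: a parser for the cipher list quoted above that splits each suite name into key exchange, bulk cipher and MAC, then separates export-grade and short-key suites from the rest. The 112-bit threshold (an assumption about what the weak-cipher finding flags), the key-length table and the function names are assumptions of this example; it judges key length only.

```python
import re

# Cipher list as quoted in the post, backslash continuations kept.
RAW = r"""SSL_RSA_WITH_RC4_128_MD5\ ,SSL_RSA_WITH_RC4_128_SHA\
,TLS_RSA_WITH_AES_128_CBC_SHA\ ,TLS_DHE_RSA_WITH_AES_128_CBC_SHA\
,TLS_DHE_DSS_WITH_AES_128_CBC_SHA\ ,SSL_RSA_WITH_3DES_EDE_CBC_SHA\
,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA\ ,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA\
,SSL_RSA_WITH_DES_CBC_SHA\ ,SSL_DHE_RSA_WITH_DES_CBC_SHA\
,SSL_DHE_DSS_WITH_DES_CBC_SHA\ ,SSL_RSA_EXPORT_WITH_RC4_40_MD5\
,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA\ ,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA\
,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"""

# Bulk cipher token -> effective key strength in bits
# (3DES is counted at its effective 112 bits, not the nominal 168).
CIPHER_BITS = {"RC4_128": 128, "AES_128_CBC": 128, "3DES_EDE_CBC": 112,
               "DES_CBC": 56, "RC4_40": 40, "DES40_CBC": 40}
MIN_BITS = 112  # assumed threshold; adjust to the audit policy in use

SUITE_RE = re.compile(
    r"(?:SSL|TLS)_(?P<kx>[A-Z_]+?)_WITH_(?P<cipher>[A-Z0-9_]+)_(?P<mac>MD5|SHA)")

def parse(name):
    """Split one suite name into its components; reject unknown names."""
    m = SUITE_RE.fullmatch(name)
    if not m or m["cipher"] not in CIPHER_BITS:
        raise ValueError(f"unrecognised suite name: {name!r}")
    return {"name": name, "kx": m["kx"], "cipher": m["cipher"],
            "mac": m["mac"], "bits": CIPHER_BITS[m["cipher"]],
            "export": m["kx"].endswith("_EXPORT")}

def audit(raw, min_bits=MIN_BITS):
    """Return (keep, drop): suites meeting the threshold, and those that do not."""
    keep, drop = [], []
    for name in filter(None, re.split(r"[\\,\s]+", raw)):
        s = parse(name)
        (drop if s["export"] or s["bits"] < min_bits else keep).append(s)
    return keep, drop

if __name__ == "__main__":
    keep, drop = audit(RAW)
    for s in drop:
        why = "export-grade" if s["export"] else "short key"
        print(f"DROP {s['name']:<40} {s['bits']:>3} bits ({why})")
    print("\nRemaining list:\n" + "\\\n,".join(s["name"] for s in keep))
```
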