----- "Denise Edwards" <denise.edwa...@bowne.com> wrote:

> Hi,
> 
> 
> 
> Received security scan results which had two issues:
> 
> 1-SSL Server Supports Weak Encryption Vulnerability
> 
> 2-SSL Server Has SSLv2 Enabled Vulnerability
> 
> 
> 
> Two questions:
> 
> - Has anyone had to address these issues for their installation of
> Apache httpd

Yes.

> - If so what did you do?

Not what you did.

> 
> Background info:
> 
> - I’m using Apache httpd v2.2.10

Why not run the latest ;)

> - SSLCipherSuite property includes high, medium, low and SSLv2


And that's your problem.


SSLProtocol TLSv1 SSLv3
SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5

This config should be reasonably fast (at least with 2.3 ;)
and ``PCI DSS compliant''

See Paul Querna's Overclocking mod_ssl article for more info:
http://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/

 
> Regards
> 
> Denise


i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
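
An added example, not part of the original message and not code from the httpd project: a small checker that reads SSLCipherSuite directives from a config and reports which weak cipher classes (the SSLv2, LOW, export and NULL aliases) remain enabled, using a simplified model of OpenSSL's cipher-string rules. The sample configs, the weak-alias list and the function names are assumptions made for illustration.

```python
import re

# Weak cipher-string aliases checked here (a chosen list, not the scanner's own).
WEAK = {"SSLv2", "LOW", "EXP", "eNULL"}
SYNONYMS = {"EXPORT": "EXP", "NULL": "eNULL"}
# Assumption: an OpenSSL build of the httpd 2.2 era, where ALL still covers
# SSLv2, LOW and export suites (eNULL is never part of ALL).
ALL_COVERS = {"SSLv2", "LOW", "EXP"}
DIRECTIVE = re.compile(r"^[ \t]*SSLCipherSuite[ \t]+(\S.*?)[ \t]*$", re.I | re.M)

def weak_classes_enabled(cipher_string):
    """Return the weak classes left enabled, using simplified OpenSSL rules.

    Aliases are tracked independently; overlap between them is not modelled.
    """
    enabled, killed = set(), set()
    for tok in re.split(r"[:, ]+", cipher_string.strip().strip('"')):
        if not tok or tok.startswith("@"):      # skip empties and @STRENGTH
            continue
        op = tok[0] if tok[0] in "!-+" else ""
        parts = [SYNONYMS.get(p, p) for p in tok[len(op):].split("+")]
        classes = ALL_COVERS if parts == ["ALL"] else WEAK.intersection(parts)
        if op == "+":                           # "+X" only reorders, adds nothing
            continue
        if op == "!" and len(parts) == 1:       # permanent: cannot be re-added
            killed |= classes
        elif op == "-" and len(parts) == 1:     # removed, but may be re-added
            enabled -= classes
        elif op == "":                          # bare token (or A+B subset) adds
            enabled |= classes
    return sorted(enabled - killed)

def audit_config(text):
    """Map each active SSLCipherSuite value in a config to its weak classes."""
    return {m.group(1): weak_classes_enabled(m.group(1))
            for m in DIRECTIVE.finditer(text)}

# Constructed sample configs (not taken from the thread).
WEAK_CONF = """
# SSLCipherSuite HIGH
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
"""
STRICT_CONF = "SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!SSLv2\n"

if __name__ == "__main__":
    for conf in (WEAK_CONF, STRICT_CONF):
        for value, weak in audit_config(conf).items():
            print(f"{value}\n  weak classes enabled: {weak or 'none'}")
```

In the first sample the weak classes come in through `ALL`; the `+LOW`, `+SSLv2` and `+EXP` tokens only move those suites to the end of the preference list.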
