Thanks. -----Original Message----- From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] Sent: Wednesday, October 20, 2010 3:54 AM To: users@httpd.apache.org Subject: Re: [us...@httpd] SSL vulnerability question
> ----- "Denise Edwards" <denise.edwa...@bowne.com> wrote: > > Received security can results which had two issues: > > > > 1-SSL Server Supports Weak Encryption Vulnerability > > > > 2-SSL Server Has SSLv2 Enabled Vulnerability [...] > > - SSLCipherSuite property includes high, medium, low and SSLv2 On 18.10.10 17:25, Igor Galić wrote: > And that's your problem. > > > SSLProtocol TLSv1 SSLv3 > SSLCipherSuite RC4-SHA:AES256-SHA:ALL:!ADH:!MD5 I use: SSLCipherSuite DEFAULT:!EXP:!LOW you can list those by issuing: openssl ciphers -v '<cipherlist>' -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Chernobyl was an Windows 95 beta test site. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org CONFIDENTIALITY NOTICE: The information in this Internet email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
