Search Type:
Search for:

Language:

Product:
Category:
No categories for selected product

[Info] How can I ensure that Apache does not allow SSL 2.0 protocol that has known weaknesses?

Article ID: 1763 
Last Review: Dec,24 2008
Author: Dmitry Frantsev
Last updated by: system APPLIES TO:
  • Parallels Plesk Panel for Linux/Unix

Resolution

SYNOPSIS:

I get the warning in my server security report: 

The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

 

RESOLUTION: 

SSL protocols that are used by Apache can be set by means of "SSLProtocol" option. Please read more about the "mod_ssl" module configuration at http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslprotocol.
To disable SSL v.2 protocol you should modify the "/etc/httpd/conf.d/ssl.conf" or "httpd.conf", add the line:         SSLProtocol all -SSLv2 Restart Apache after configuration files modification. 

Additional information

 Note, real path to Apache or SSL configuration files can be different depending on operation system installed. For more information about apache web server related paths please refer to http://kb.parallels.com/en/5440 article.


Subscription for changes to this article Subscription for changes to this article

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
* - required fields
 
 
 
 
 
 
For Home
For Business
For Hosters
For SaaS
For Developers
 
Desktop Virtualization
- Parallels Desktop Switch to Mac Edition
- Parallels Desktop for Mac
- Parallels Desktop 4 for Windows & Linux
- Parallels Workstation Extreme
- Parallels Solution for Windows 7
Server Virtualization
- Parallels Server for Mac
- Parallels Server 4 Bare Metal
- Parallels Virtuozzo Containers
Automation
- Parallels Operations Automation
- Parallels Business Automation
- Parallels Virtual Automation
- Parallels Plesk Panel Suite
More Products