Product:
Search Type:

[Info] How can I ensure that Apache does not allow SSL 2.0 protocol that has known weaknesses?

Article ID: 1763 
Last Review: Jul,08 2008
APPLIES TO:
  • Plesk for Linux/Unix

RESOLUTION

SYNOPSIS:

I get the warning in my server security report: 

The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

 

RESOLUTION: 

SSL protocols that are used by Apache can be set by means of "SSLProtocol" option. Please read more about the "mod_ssl" module configuration at http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslprotocol.
To disable SSL v.2 protocol you should modify the "/etc/httpd/conf.d/ssl.conf" or "httpd.conf", add the line:         SSLProtocol all -SSLv2 Restart Apache after configuration files modification. 

Additional information

 Note, real path to Apache or SSL configuration files can be different depending on operation system installed. For more information about apache web server related paths please refer to http://kb.parallels.com/en/5440 article.

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
*Please type the code you can see.
* - required fields