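====== How to disable SSL v2 in Apache ======
  * OS: CentOS 4 (on CentOS 5 it is already disabled by default, so nothing needs to be done)
  * httpd-2.0.52-41.ent.6.centos4
  * mod_ssl-2.0.52-41.ent.6.centos4
===== Configuring SSL v2 to be disabled =====
**The key step is simply to add SSLProtocol all -SSLv2 to the configuration file**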
  vi /etc/httpd/conf.d/ssl.conf
  :
  # SSL Engine Switch:
  # Enable/Disable SSL for this virtual host.
  SSLEngine on
  SSLProtocol all -SSLv2
  # SSL Cipher Suite:
  # List the ciphers that the client is permitted to negotiate.
  # See the mod_ssl documentation for a complete list.
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  :
  service httpd restart
===== Verifying that it is disabled =====
  echo "HEAD / HTTP/1.0" | openssl s_client -ssl2 -connect localhost:443
**When SSL v2 is disabled, you should see output similar to the following**
  CONNECTED(00000003)
  21125:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
  [root@eddev ~]#
**If you see output similar to the following, SSL v2 is still supported**
  :
  ---
  New, SSLv2, Cipher is DES-CBC3-MD5
  Server public key is 1024 bit
  SSL-Session:
  Protocol : SSLv2
  Cipher : DES-CBC3-MD5
  Session-ID: EEB8BC7BB76FF59A8AA046D531891D7B
  Session-ID-ctx:
  Master-Key: 9CDDA4BEB0E47E9087248343F0C335CE61CB762B4C77E6AF
  Key-Arg : D0DCAB07A908DE66
  Krb5 Principal: None
  Start Time: 1265596203
  Timeout : 300 (sec)
  Verify return code: 18 (self signed certificate)
  ---
  DONE
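The two checks above can be scripted. This is an added example, not part of the original page: it goes beyond the manual steps by evaluating ''SSLProtocol'' lines statically and by reporting "inconclusive" when the ''s_client'' output shows neither result (for example a client built on OpenSSL 1.1.0 or later, which has no SSLv2 support). The function names and sample inputs are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# sslv2_in_conf: read an Apache config on stdin and evaluate each active
# SSLProtocol line as mod_ssl does: "+x" adds, "-x" removes, bare "x" replaces.
# No directive at all counts as enabled (mod_ssl 2.0 then defaults to "all").
sslv2_in_conf() {
    awk '
        tolower($1) == "sslprotocol" {
            seen = 1; v2 = 0
            for (i = 2; i <= NF; i++) {
                tok = tolower($i); sign = substr(tok, 1, 1)
                if (sign == "+" || sign == "-") tok = substr(tok, 2)
                has = (tok == "all" || tok == "sslv2")
                if (sign == "-") { if (has) v2 = 0 }
                else if (sign == "+") { if (has) v2 = 1 }
                else v2 = has
            }
            if (v2) bad = 1
        }
        END { print ((seen && !bad) ? "disabled" : "enabled") }
    '
}

# classify_s_client: read `openssl s_client -ssl2` output on stdin.
# "disabled" requires a TCP connect AND a handshake failure; anything that
# shows neither result is "inconclusive", never proof that SSLv2 is off.
classify_s_client() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eq 'Protocol *: *SSLv2'; then
        echo enabled
    elif printf '%s\n' "$out" | grep -q '^CONNECTED(' &&
         printf '%s\n' "$out" | grep -q 'ssl handshake failure'; then
        echo disabled
    else
        echo inconclusive
    fi
}

# Constructed sample inputs (OUT_REJECTED copies the failure shown above).
CONF_FIXED='SSLEngine on
SSLProtocol all -SSLv2'
CONF_COMMENTED='SSLEngine on
# SSLProtocol all -SSLv2'
OUT_REJECTED='CONNECTED(00000003)
21125:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:'

printf '%s\n' "$CONF_FIXED" | sslv2_in_conf
printf '%s\n' "$CONF_COMMENTED" | sslv2_in_conf
printf '%s\n' "$OUT_REJECTED" | classify_s_client
```

On a live host, feed it real data with ''sslv2_in_conf < /etc/httpd/conf.d/ssl.conf'' and by piping the ''openssl s_client -ssl2'' output (including stderr) into ''classify_s_client''.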
===== References =====
  * http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
  * http://www.securityfocus.com/infocus/1818
{{tag>apache centos4 ssl https}}