[Ach] Looks like SSLv3 is enabled for httpd in spec?

Sebastian sebix at sebix.at
Wed Mar 2 14:42:49 CET 2016


Hi,

This enables the cipherstring-group SSLv3, not the protocol.
To see if the protocol is used, test with e.g. sslyze or
openssl s_client -ssl3 -connect example.com:443

Sebastian

On 03/02/2016 03:33 PM, Martin wrote:
> Hi,
>
> For httpd the spec says
>
> SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
>
> where it is the :+SSLv3: part that to me looks like it is enabled despite the
>
> SSLProtocol All -SSLv2 -SSLv3
>
>
> Can anyone tell me, if :+SSLv3: really should be there?
>
> Best regards,
> Martin

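An added example, not part of the original thread or of the spec it discusses: a small Python audit that evaluates `SSLProtocol` and the `SSLCipherSuite` cipher string separately, so the `+SSLv3` element shows up as a cipher-group reorder rather than a protocol switch. The function names are hypothetical, and the expansion of `all` and the left-to-right handling of `SSLProtocol` arguments are simplifying assumptions.

```python
import shlex
# Leading operators of a cipher-string element, per OpenSSL ciphers(1).
OPERATORS = {
    "!": "kill: delete matching ciphers permanently",
    "-": "delete matching ciphers (later elements may re-add them)",
    "+": "reorder: move matching ciphers already listed to the end",
    "": "add matching ciphers to the list",
}
# Assumption: expansion of "all"; the real set depends on the mod_ssl/OpenSSL build.
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
# Constructed sample config, built from the two directives quoted in the thread.
SAMPLE_CONF = """
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
"""

def enabled_protocols(args):
    """Simplified model: apply SSLProtocol arguments left to right."""
    enabled = set()
    for arg in args:
        sign = arg[:1] if arg[:1] in ("+", "-") else ""
        name = arg[len(sign):]
        group = set(ALL_PROTOCOLS) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        else:  # "+" adds to the set, a bare name replaces it
            enabled = enabled | group if sign == "+" else group
    return enabled

def cipher_elements(cipher_string, keyword):
    """Return (element, meaning) for every cipher-string element naming `keyword`."""
    hits = []
    for element in cipher_string.replace(",", ":").replace(" ", ":").split(":"):
        op = element[:1] if element[:1] in ("!", "-", "+") else ""
        if keyword in element[len(op):].split("+"):  # inner '+' joins keywords (AND)
            hits.append((element, OPERATORS[op]))
    return hits

def audit(conf_text):
    """Report the protocol setting and the SSLv3 cipher-string elements separately."""
    protocols, elements = set(), []
    for line in conf_text.splitlines():
        words = shlex.split(line, comments=True)
        if words and words[0].lower() == "sslprotocol":
            protocols = enabled_protocols(words[1:])
        elif words and words[0].lower() == "sslciphersuite":
            elements = cipher_elements(words[-1], "SSLv3")
    return {"sslv3_protocol_enabled": "SSLv3" in protocols, "sslv3_cipher_elements": elements}

print(audit(SAMPLE_CONF))
```

A static check like this only reads the configuration; what the running server actually negotiates is confirmed with the handshake test named in the reply above.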