Product:
Search Type:

How can I ensure that Apache does not allow SSL 2.0 protocol that has known weaknesses?

Article ID: 1763 
Last Review: Mar,27 2007
APPLIES TO:
  • Plesk for Linux/Unix

RESOLUTION

SYNOPSIS:

I get the warning in my server security report: 

The remote service encrypts traffic using a protocol with known weaknesses. Description : The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

 

RESOLUTION: 

SSL protocols that are used by Apache can be set by means of "SSLProtocol" option. Please read more about the "mod_ssl" module configuration at http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslprotocol.

To disable SSL v.2 protocol you should modify the "/etc/httpd/conf.d/ssl.conf" or "httpd.conf", add the line:    
 
    SSLProtocol all -SSLv2
 
Restart Apache after configuration files modification. 

Please provide feedback on this article

Did this article help you solve your issue?
Yes
No
Partially
I do not know yet
 
Strongly Agree   Strongly Disagree
  9 8 7 6 5 4 3 2 1
The article is easy to understand
The article is accurate
Additional Comments:
*Please provide us with your email address in case we need to contact you.
*Please type the code you can see.
* - required fields