turning of SSL v2 in modssl

turning of SSL v2 in modssl

am 01.08.2002 03:25:09 von AdItYa

Is it sufficient to change:

+SSLv2

to

-SSLv2

in SSLCipherSuite to disable SSLv2 in modssl? Is that enough to at least
temporarily limit the exposure to the latest openssl vulnerability while I
upgrade multiple machines?

Thanks,
Adi
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: turning of SSL v2 in modssl

am 01.08.2002 12:27:05 von Peter Viertel

that will turn it off...see refguide at
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC9

I wonder if it's time to leave SSLv2 off completely? how many browsers
out there dont work with v3 these days?

Aditya wrote:

>Is it sufficient to change:
>
> +SSLv2
>
>to
>
> -SSLv2
>
>in SSLCipherSuite to disable SSLv2 in modssl? Is that enough to at least
>temporarily limit the exposure to the latest openssl vulnerability while I
>upgrade multiple machines?
>
>Thanks,
>Adi
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org