Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

From: David Coder (dacoder_at_dcoder.net)
Date: 10/14/05

    Date: Fri, 14 Oct 2005 10:38:56 -0400 (EDT)
    To: Jacques Vidrine <jacques@vidrine.us>
    
    

    Hi, Jacques,

    The mod_ssl how-to explains how to run an SSLv2-only Apache server, but not
    SSLv2, but assuming that the httpd.conf syntax is the same I thought I'd
    substitute the two lines

            SSLProtocol -all +SSLv3
            SSLCipherSuite SSLv3:+HIGH:+MEDIUM:+LOW:+EXP

    for the line

            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    in that file. Any idea whether this is correct?

    Thx. Hope you're well!

    David

    On Thu, 13 Oct 2005, Jacques Vidrine wrote:

    :Date: Thu, 13 Oct 2005 13:44:28 -0700
    :From: Jacques Vidrine <jacques@vidrine.us>
    :To: Peter Jeremy <PeterJeremy@optushome.com.au>
    :Cc: freebsd-security@freebsd.org
    :Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
    :
    :
    :On 2005-10-12, at 12:10 :19, Peter Jeremy wrote:
    :
    :> On Tue, 2005-Oct-11 09:45:53 -0700, Jacques Vidrine wrote:
    :> > On Oct 11, 2005, at 7:25 AM, Ian G wrote:
    :> > > Isn't the workaround obviously to switch off V2?
    :> >
    :> > Yes. Sorry that wasn't mentioned.
    :>
    :> That sounds like a good workaround. How do I implement it? I've
    :> looked through the documentation and can't find any reference to a
    :> runtime OpenSSL configuration file that would let me do this.
    :
    :I'm not aware of a global option for OpenSSL, either. Disabling SSLv2 would
    :need to be handled by the application, i.e. turn off SSLv2 for each of your
    :SSL/TLS applications. Cheers,
    :--
    :Jacques Vidrine <jacques@vidrine.us>
    :
    :
    :_______________________________________________
    :freebsd-security@freebsd.org mailing list
    :http://lists.freebsd.org/mailman/listinfo/freebsd-security
    :To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    :
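An added offline check for the question raised above (example code, not from the thread or from mod_ssl itself): it evaluates an SSLProtocol value the way 2005-era mod_ssl parsed it, where a bare token replaces the list built so far and "all" includes SSLv2, and it flags the "+SSLv2" token in the stock cipher string, which in OpenSSL cipher-string syntax only moves SSLv2 ciphers to the end rather than removing them. The two sample fragments are constructed from the lines quoted in the message; the "defaults to all" claim assumes that era's mod_ssl.

```python
import re

PROTOCOLS = {"sslv2", "sslv3", "tlsv1"}   # protocols mod_ssl knew in 2005 (assumption)

def parse_ssl_protocol(value):
    """Return the set of protocols enabled by an SSLProtocol directive value.

    Mirrors mod_ssl's token handling: '+tok' adds, '-tok' removes, and a bare
    token REPLACES everything built so far ('all' expands to every protocol).
    """
    enabled = set()
    for tok in value.split():
        action = ""
        if tok[0] in "+-":
            action, tok = tok[0], tok[1:]
        name = tok.lower()
        wanted = set(PROTOCOLS) if name == "all" else {name}
        if not wanted <= PROTOCOLS:
            raise ValueError("unknown protocol token: %s" % tok)
        if action == "-":
            enabled -= wanted
        elif action == "+":
            enabled |= wanted
        else:
            enabled = wanted          # bare token: replace, not add
    return enabled

def sslv2_findings(conf_text):
    """Audit an httpd.conf fragment and list the reasons SSLv2 may still be accepted."""
    findings = []
    proto = re.search(r"^\s*SSLProtocol\s+(.+?)\s*$", conf_text, re.M | re.I)
    if proto is None:
        # Assumption: mod_ssl of that era defaulted SSLProtocol to 'all', SSLv2 included.
        findings.append("no SSLProtocol directive: default 'all' includes SSLv2")
    elif "sslv2" in parse_ssl_protocol(proto.group(1)):
        findings.append("SSLProtocol still enables SSLv2: %s" % proto.group(1))
    ciphers = re.search(r"^\s*SSLCipherSuite\s+(\S+)", conf_text, re.M | re.I)
    if ciphers and "+SSLv2" in ciphers.group(1) and "!SSLv2" not in ciphers.group(1):
        # In OpenSSL cipher syntax '+' reorders matching ciphers; only '!' removes them.
        findings.append("'+SSLv2' in the cipher string only reorders SSLv2 ciphers")
    return findings

# Constructed samples: the stock line quoted in the thread and the proposed replacement.
DEFAULT_CONF = ("SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW"
                ":+SSLv2:+EXP:+eNULL\n")
PROPOSED_CONF = "SSLProtocol -all +SSLv3\nSSLCipherSuite SSLv3:+HIGH:+MEDIUM:+LOW:+EXP\n"

if __name__ == "__main__":
    for name, conf in (("stock", DEFAULT_CONF), ("proposed", PROPOSED_CONF)):
        print(name, sslv2_findings(conf) or ["SSLv2 disabled"])
```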

