{"id":188,"date":"2009-12-12T09:56:00","date_gmt":"2009-12-12T09:56:00","guid":{"rendered":"https:\/\/d-mashina.net\/index.php\/2009\/12\/12\/sslv3-and-nessus-security-scan\/"},"modified":"2009-12-12T09:56:00","modified_gmt":"2009-12-12T09:56:00","slug":"sslv3-and-nessus-security-scan","status":"publish","type":"post","link":"https:\/\/d-mashina.net\/index.php\/2009\/12\/12\/sslv3-and-nessus-security-scan\/","title":{"rendered":"SSLv3 and Nessus security scan"},"content":{"rendered":"<p>I&#8217;ve web server and Nessus security scan reports that SSLv2 is not good enough for my web server. What have you need to do, to disable SSLv2 and enable SSLv3 or TLSv1. It&#8217;s really easy, you need only to change your main ssl.conf configuration file:<\/p>\n<blockquote><p><t><b>SSLProtocol -ALL +SSLv3 +TLSv1<\/b><br \/>\n<t><b>SSLCipherSuite  ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<\/b><\/t><\/t>\n<\/p><\/blockquote>\n<p>&nbsp;Now you can try to make connection from command prompt:<\/p>\n<blockquote><p><b>openssl s_client \u2013ssl2 \u2013connect virtualhost:443<\/b>\n<\/p><\/blockquote>\n<p>Make sure you get error in this one and fine output on those below.<b>&nbsp;<\/b><\/p>\n<blockquote><p><b>openssl s_client \u2013ssl3 \u2013connect virtualhost:443<br \/>\nopenssl s_client \u2013tls1 \u2013connect virtualhost:443<\/b>\n<\/p><\/blockquote>\n<p>\nConfiguration file is in <b>\/etc\/httpd\/conf.d<\/b> on RedHat Linux and clones and in <b>\/etc\/apache2\/conf.d<\/b> on SuSE Linux. You must restart Apache web server after making changes.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve web server and Nessus security scan reports that SSLv2 is not good enough for my web server. What have you need to do, to disable SSLv2 and [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-188","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/posts\/188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/comments?post=188"}],"version-history":[{"count":0,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/posts\/188\/revisions"}],"wp:attachment":[{"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/media?parent=188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/categories?post=188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/d-mashina.net\/index.php\/wp-json\/wp\/v2\/tags?post=188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}