Apache web server still responds to requests using the SSLv2 protocol when the SSLv2 protocol was disabled

StackOverflow https://stackoverflow.com/questions/22245332

  •  10-06-2023

Question

Here is my configuration ...

SSLProtocol -ALL +SSLv3 TLSv1

but the Apache web server still responds to requests using the SSLv2 protocol.

The following is my test log. (Sorry, I cannot attach an image because my reputation is under 10.)

SSLv2 Record Layer: Server Hello
[Version: SSL 2.0 (0x0002)]
Length: 955
Handshake Message Type: Server Hello (4)
Session ID Hit: False
Certificate Type X.509 Certificate (1)
Version: SSL 2.0 (0x0002)
Certificate Length: 928
Cipher Spec Length: 0
Connection ID Length: 16
Certificate blah~blah~
Connection ID

Thank you.
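The length fields in the Server Hello log above are self-consistent: 11 fixed bytes + 928 certificate + 0 cipher specs + 16 connection ID = 955. As an added example (not part of the original post), this Python parser recognizes an SSLv2 SERVER-HELLO in captured reply bytes so the result of a protocol change can be checked; the function names and both sample byte strings are constructed for illustration.

```python
import struct

SSL2_MT_SERVER_HELLO = 4        # SSLv2 handshake message type
SSL2_VERSION = 0x0002
FIXED = ">BBBHHHH"              # type, hit, cert type, version, 3 length fields
FIXED_LEN = struct.calcsize(FIXED)  # 11 bytes

# Constructed sample: a TLS 1.0 fatal handshake_failure alert (not SSLv2).
TLS_ALERT = bytes.fromhex("15030100020228")

def build_sample_server_hello(cert_len=928, conn_id_len=16):
    """Constructed sample with the log's field values; payload bytes are zero filler."""
    body = struct.pack(FIXED, SSL2_MT_SERVER_HELLO, 0, 1, SSL2_VERSION,
                       cert_len, 0, conn_id_len)
    body += bytes(cert_len + conn_id_len)
    # 2-byte record header: high bit set, low 15 bits hold the record length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_sslv2_server_hello(data):
    """Return the SERVER-HELLO fields as a dict, or None if data is not one."""
    if len(data) < 2 + FIXED_LEN or not data[0] & 0x80:
        return None             # too short, or no 2-byte SSLv2 record header
    record_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
    mtype, hit, cert_type, version, cert_len, cs_len, cid_len = struct.unpack(
        FIXED, data[2:2 + FIXED_LEN])
    if mtype != SSL2_MT_SERVER_HELLO or version != SSL2_VERSION:
        return None
    # The three variable-length fields must account for the whole record.
    if record_len != FIXED_LEN + cert_len + cs_len + cid_len:
        return None
    if len(data) < 2 + record_len:
        return None             # truncated capture
    return {
        "record_length": record_len,
        "session_id_hit": bool(hit),
        "certificate_type": cert_type,
        "version": version,
        "certificate_length": cert_len,
        "cipher_spec_length": cs_len,
        "connection_id_length": cid_len,
    }

if __name__ == "__main__":
    print(parse_sslv2_server_hello(build_sample_server_hello()))
    print(parse_sslv2_server_hello(TLS_ALERT))
```

A Cipher Spec Length of 0, as in the log, means the reply lists no SSLv2 cipher specs for the client to choose from.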


Solution

The configuration should be set as:

SSLProtocol ALL -SSLv2

If that does not work, also set the cipher suite as:

SSLCipherSuite "ALL:+HIGH:+MEDIUM:+LOW:!SSLv2"
Licensed under: CC-BY-SA with attribution