Published by expire0
Posted on March 01, 2009
To disable SSLv2 server-wide add this in your ssl.conf:
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
or, as an alternative cipher list:
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL
Test using the following command on Linux:
openssl s_client -host (host-ip) -port 443 -verify -debug -ssl2
You can also try:
curl --ciphers SSLv2 https://domain.com:443
openssl s_client -connect domain:443 -state
openssl s_client -connect domain:443 -ssl2
* Replace (host-ip) with the domain name or the server IP address.
If SSLv2 is disabled, you should see output similar to this:
verify depth is 0
CONNECTED(00000003)
4738:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
or
verify depth is 0
CONNECTED(00000003)
write:errno=104
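The configuration side of the check above can be automated. The following is an added example, not part of the original post: a shell function that reads one or more Apache config files and reports whether SSLProtocol and SSLCipherSuite still permit SSLv2. The function name audit_ssl_conf and the token semantics noted in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit Apache config files
# for the two directives above. Usage: audit_ssl_conf ssl.conf
# Returns non-zero if any directive still permits SSLv2.
audit_ssl_conf() {
    awk '
    function report(bad, msg) {
        printf "%s %s:%d: %s\n", (bad ? "FAIL" : "OK  "), FILENAME, FNR, msg
        if (bad) rc = 1
    }
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    { d = tolower($1) }                  # directive names are case-insensitive
    d == "sslprotocol" {
        seen = 1; v2 = 0
        # Assumed mod_ssl semantics: tokens apply left to right; "+" adds,
        # "-" removes, and a bare token replaces the whole protocol set.
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t ~ /^-/)       { if (t == "-all" || t == "-sslv2") v2 = 0 }
            else if (t ~ /^\+/) { if (t == "+all" || t == "+sslv2") v2 = 1 }
            else                v2 = (t == "all" || t == "sslv2")
        }
        report(v2, "SSLProtocol " (v2 ? "allows" : "excludes") " SSLv2")
    }
    d == "sslciphersuite" {
        # Cipher string is colon-separated; require !SSLv2 or -SSLv2.
        s = $2; gsub(/"/, "", s); ok = 0; n = split(s, c, ":")
        for (i = 1; i <= n; i++) if (c[i] == "!SSLv2" || c[i] == "-SSLv2") ok = 1
        report(!ok, "SSLCipherSuite " (ok ? "removes" : "keeps") " SSLv2 ciphers")
    }
    END {
        if (!seen) { print "FAIL: no SSLProtocol directive found"; rc = 1 }
        exit rc
    }' "$@"
}
```

Every SSLProtocol and SSLCipherSuite line is checked, including those inside virtual hosts, so a per-vhost override that re-enables SSLv2 shows up as its own FAIL line.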
=======================
Enabling only strong ciphers in Apache
Good tool to check SSL ciphers
=========
cPanel:
The SSLCipherSuite can be customized in cPanel/WHM 11.24 by going to WHM -> Service Configuration -> Apache Configuration -> Global Configuration. This is the place where you can disable SSL 2.0 support if you desire. Click the “more info” link on that page for more info.
Disable SSLv2 on Windows