How to disable SSL2.0 in apache


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » Apache Related Information

How to disable SSL2.0 in apacheLast Modified: Jun 6, 2010, 3:29 pm
To disable the SSL2.0 protocol (thus forcing 3.0),
for apache 1.3, find the line:

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

and change it to:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL

Note the 2 changes: a) remove the # character at the beginning of the line, and b) change +SSLv2 to !SSLv2


For apache 2.x, do the same thing, but instead it will be in the /etc/httpd/conf/ssl.conf file, or for the new apache system, /etc/httpd/conf/extra/httpd-ssl.conf  (if you have both files, just change it in both).

Related links:
http://www.directadmin.com/forum/showthread.php?t=36143
http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html

2003 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST