If you're trying to become PCI compliant, one common check is whether any of your SSL connections are using SSLv3.
If you want to check your own setup first to ensure it will pass this check, you can use the command:
openssl s_client -port 2222 -host 127.0.0.1 -ssl3
where you replace the port and host with the respective values you're trying to test. In the above example, we're checking DA on port 2222 locally (127.0.0.1), but a remote check against any other host, with any port, can be used.
The above code will produce some output. If SSLv3 is not allowed in that connection (which is good), then you'll see about 3 to 7 lines of output, and the last line will show:
140506571089736:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
If the connection worked (bad if testing for -ssl3), then you'll see a full page of output, including all certificate information, as well as the certificate itself.
Some services like exim use TLS for their SSL connection. In that case, you'd use -tls1 to test, to ensure TLSv1 still works.
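The check above can be scripted so the s_client output is graded automatically. This is an added example, not DirectAdmin code: the function names and sample outputs are assumptions made for illustration, and it goes slightly beyond the page by also recognising a "protocol version" alert, a client built without SSLv3 support, and a failed connection.

```shell
#!/bin/sh
# Added example. Sample outputs are constructed, except the alert line,
# which is the one quoted on this page.
SAMPLE_REFUSED='CONNECTED(00000003)
140506571089736:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40'
SAMPLE_ACCEPTED='CONNECTED(00000003)
Server certificate
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----'
SAMPLE_NO_SSL3='s_client: Unknown option: -ssl3'

# classify_handshake: read s_client output on stdin, print one word.
classify_handshake() {
    out=$(cat)
    case "$out" in
        # Assumption: an openssl build without SSLv3 rejects the flag with
        # a message containing "nknown option"; wording varies by version.
        *"nknown option"*)               echo unsupported-client ;;
        # A server certificate means the handshake got through.
        *"-----BEGIN CERTIFICATE-----"*) echo accepted ;;
        *"alert handshake failure"*|*"alert protocol version"*)
                                         echo refused ;;
        *"connect:errno="*)              echo unreachable ;;
        *)                               echo inconclusive ;;
    esac
}

# verdict FLAG RESULT: -ssl3 must be refused, -tls1 must still be accepted.
verdict() {
    case "$1:$2" in
        -ssl3:refused|-tls1:accepted) echo PASS ;;
        -ssl3:accepted|-tls1:refused) echo FAIL ;;
        *)                            echo UNKNOWN ;;
    esac
}

# check_proto HOST PORT FLAG: run the page's command and grade the result.
# </dev/null makes s_client exit once the handshake attempt is over.
check_proto() {
    result=$(openssl s_client -host "$1" -port "$2" "$3" </dev/null 2>&1 |
             classify_handshake)
    echo "$1:$2 $3 $result $(verdict "$3" "$result")"
}

# Live use (not run here): check_proto 127.0.0.1 2222 -ssl3
```

An UNKNOWN verdict means the test itself did not run to a conclusion (for example, the local openssl cannot speak SSLv3), so it should not be read as a pass.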
To set ciphers for the services, see this guide:
Setting up DA with an SSL certificate
Current SSL cipher lists for DirectAdmin servers