Rebuilding Apache after SSLv3 fix
Hi,
I'm attempting this fix for SSLv3 here:
Running ssl_cert_status reveals nothing. I've then tried running /scripts/rebuildhttpdconf but all that gave me was similar to this: [url=http://www.singlerack.com/info-rebuildhttpdconf-missing-owner-for-domain-force-lookup-to-root/]info [rebuildhttpdconf] Missing owner for domain, force lookup to root | SingleRack Hosting Solution, which I've now fixed. What should my next fix be? If I roll back the SSLv3 fix, everything is hunky-dory again and Apache restarts fine. Thanks, Clive
Running ssl_cert_status reveals nothing. I've then tried running /scripts/rebuildhttpdconf but all that gave me was similar to this: [url=http://www.singlerack.com/info-rebuildhttpdconf-missing-owner-for-domain-force-lookup-to-root/]info [rebuildhttpdconf] Missing owner for domain, force lookup to root | SingleRack Hosting Solution, which I've now fixed. What should my next fix be? If I roll back the SSLv3 fix, everything is hunky-dory again and Apache restarts fine. Thanks, Clive
-
Hello :) Please post the output from: rpm -qa | grep openssl cat /etc/redhat-release
Also, post the contents from the /usr/local/apache/conf/includes/pre_main_global.conf file on your system. Thank you.0 -
Thanks for your help. Here you go: root@server1 [/]# rpm -qa | grep openssl openssl-1.0.1e-30.el6_5.2.x86_64 openssl-devel-1.0.1e-30.el6_5.2.x86_64 root@server1 [/]# cat /etc/redhat-release CentOS release 6.5 (Final) root@server1 [/]#
androot@server1 [/usr/local/apache/conf/includes]# vi pre_main_global.conf SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+ SSLHonorCipherOrder on ~0 -
I am happy to see you were able to address the issue. Note that our documentation here describes the steps you can take to address the weakness: How to Adjust Cipher Protocols Thank you. 0
Please sign in to leave a comment.
Comments
4 comments