SSL issues on CentOS 5.11
Hello,
I performed a scan of our server using ssllabs.com/ssltest/. The server is CentOS 5.11 x86_64 running the latest version of OpenSSL 0.9.8. I'm trying to figure out these results and whether they truly matter.

On all my servers, Service Config > Apache Config > Global Config is set to: SSL Cipher Suite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP (default); SSL/TLS Protocols All -SSLv2 -SSLv3 (default). These servers are running the latest versions of PHP 5.4, Apache 2.2 and MySQL 5.5. Under Service Config > Apache Config > Include Editor, the "Pre Main Include", "Pre Virtual Host Include" and "Post Virtual Host Include" sections appear blank. I last compiled Apache on 3/25/15 with EA 3.28.5 for the latest version of PHP 5.4.
[/var/log]# rpm -q openssl
openssl-0.9.8e-32.el5_11
I did not see any additional SSLCipherSuite entries in httpd.conf
This server supports insecure Diffie-Hellman (DH) key exchange parameters. Grade set to F. Not sure about this one... I would appreciate some advice.
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F. According to Red Hat, CentOS 5 is not vulnerable to the FREAK attack, so I assume this is a false positive.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
How do I disable SSLv2? According to my options and the description above, it should already be disabled, but according to the SSL Labs test it is not. I would appreciate responses to the other issues too, but this is the main one. Thank you.
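A common reason a scanner disagrees with the "global" values a control panel displays is that a TLS virtual host carries its own SSLProtocol or SSLCipherSuite directive, which overrides the global one. The script below is an added example, not cPanel's or Apache's own code: it walks an httpd.conf, works out which of the two directives is actually in force for each vhost, and reports what an external scan would pick up. The parser, the sample configuration, the IP addresses (203.0.113.0/24 documentation range) and the assumption that this is mod_ssl 2.2 on OpenSSL 0.9.8 (so "all" means SSLv2 + SSLv3 + TLSv1) are all mine. The global values in the sample are the ones quoted in the post; the vhost override is constructed.

```python
"""Effective SSLProtocol / SSLCipherSuite per Apache 2.2 vhost (added example,
not cPanel's or Apache's code): a vhost-level directive silently overrides the
global value a control panel shows, and a scanner sees only the vhost's settings."""
import re

# Assumption: mod_ssl 2.2 built against OpenSSL 0.9.8 (the CentOS 5 case),
# where 'all' expands to SSLv2 + SSLv3 + TLSv1.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}
_CANON = {p.lower(): p for p in ALL_PROTOCOLS}

# Groups to exclude with '!' (permanent) rather than '-' (deletes only at that
# position; a later token can re-add them). Values are the alias names accepted
# as excluding the group ('!ADH' covers only anonymous DH; '!aNULL' is broader).
WEAK_CIPHER_GROUPS = {"EXP": ("EXP", "EXPORT"), "LOW": ("LOW",), "aNULL": ("aNULL", "ADH")}

_VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
_VHOST_CLOSE = re.compile(r"^\s*</VirtualHost\s*>", re.I)
_DIRECTIVE = re.compile(r"^\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", re.I)


def parse_ssl_contexts(config_text):
    """Map '_global' and each <VirtualHost> argument to the SSL directives
    written directly inside it (comment lines are skipped)."""
    contexts, current = {"_global": {}}, "_global"
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _VHOST_OPEN.match(line)
        d = _DIRECTIVE.match(line)
        if m:
            current = m.group(1).strip()
            contexts.setdefault(current, {})
        elif _VHOST_CLOSE.match(line):
            current = "_global"
        elif d:
            key = "SSLProtocol" if d.group(1).lower() == "sslprotocol" else "SSLCipherSuite"
            contexts[current][key] = d.group(2)
    return contexts


def enabled_protocols(spec):
    """Expand an SSLProtocol value such as 'all -SSLv2 -SSLv3' into the set of
    protocols it enables; '+'/'-' tokens are applied left to right."""
    enabled = set()
    for tok in spec.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {_CANON.get(name.lower(), name)}
        enabled = enabled | names if sign == "+" else enabled - names
    return enabled


def cipher_string_findings(spec):
    """(severity, message) per weak group the cipher string does not hard-exclude.
    Only the '!'/'-' syntax is inspected; expanding to concrete suites needs
    `openssl ciphers -v` on the host itself."""
    tokens = spec.split(":") if spec else []
    hard = {t[1:] for t in tokens if t.startswith("!")}
    soft = {t[1:] for t in tokens if t.startswith("-")}
    findings = []
    for group, aliases in WEAK_CIPHER_GROUPS.items():
        if any(a in hard for a in aliases):
            continue
        if any(a in soft for a in aliases):
            findings.append(("warn", f"{group} removed only with '-'; use !{group}"))
        else:
            findings.append(("fail", f"{group} ciphers not excluded; add !{group}"))
    return findings


def audit(config_text):
    """Effective settings per vhost (vhost overrides global, global overrides
    mod_ssl's permissive defaults) plus the findings a scanner would raise."""
    contexts = parse_ssl_contexts(config_text)
    glob, report = contexts["_global"], {}
    for name, own in contexts.items():
        if name == "_global":
            continue
        proto = own.get("SSLProtocol", glob.get("SSLProtocol", "all"))
        ciph = own.get("SSLCipherSuite", glob.get("SSLCipherSuite", ""))
        weak = sorted(enabled_protocols(proto) & WEAK_PROTOCOLS)
        findings = [("fail", f"SSLProtocol '{proto}' enables {', '.join(weak)}")] if weak else []
        findings += cipher_string_findings(ciph)
        report[name] = {"SSLProtocol": proto, "SSLCipherSuite": ciph, "findings": findings}
    return report


# Constructed sample, not the poster's httpd.conf: global values as quoted in
# the thread, one vhost that overrides them, one that inherits them.
SAMPLE_CONF = """\
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
<VirtualHost 203.0.113.10:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
<VirtualHost 203.0.113.10:8443>
    SSLEngine on
</VirtualHost>
"""

if __name__ == "__main__":
    for vhost, result in audit(SAMPLE_CONF).items():
        print(f"{vhost}: SSLProtocol={result['SSLProtocol']!r}")
        for severity, message in result["findings"]:
            print(f"  [{severity}] {message}")
```

Run it against the real httpd.conf (and any files it Includes, which this parser does not follow) to see, per vhost, whether SSLv3 or export suites survive. The "warn" entries on the inherited vhost are a hardening note rather than a defect: `-LOW:-EXP` at the end of a string does remove those suites, but `!LOW:!EXP` cannot be undone by anything appended later. The scanner's word is final, so after changing the configuration and restarting Apache, confirm from another machine that an SSLv3 handshake is refused (for example with `openssl s_client -connect host:443 -ssl3`) before re-running the SSL Labs test.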
Hello,

Could you open a support ticket using the link in my signature so we can review your server and determine why the configured values are not detected in the SSL Labs report? You can post the ticket number here so we can update this thread with the outcome. Thank you.