Solved

cert question in Linux

Posted on 2014-10-05
2
319 Views
Last Modified: 2014-10-16
I need help answering the following question i came accross ....

A client has had a security assessment conducted of the web servers in their environment. They want the servers to be configured to disable SSL version 2, and to only accept SSL ciphers greater than, or equal to, 128 bits. The web servers in the environment consist of Apache 2.2 on Red Hat Enterprise Linux 6, IIS 6 on Windows Server 2003, and IIS 7.5 on Windows Server 2008 R2. Please answer the following questions:

a)      How do you test the servers to determine which SSL versions and ciphers are currently supported / accepted?
b)      What changes are needed for each of the web servers / operating systems to meet the client's requirements?
0
Comment
Question by:c_hockland
  • 2
2 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 40362441
a) I'd use free qualys SSL server test on public servers.
b) In general removing unused HTTPS:// listener completely eliminates all SSL versions
SSLv2 is disabled in RHEL5+ and IIS7+
Can you tell if they use mod_ssl or mod_nss at least for RHEL6?
It needs OpenSSL and NSS upgrades firsthand to patch holes bigger than SSLv2.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40385340
Now you can repeat the drill and disable SSLv3 too thanks to some curly haired doggies.
(sure if your customer agrees to pay)
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These instructions are based on installing Owncloud on your new raspberry pi connected with a usb HDD. What do you need Part A? A Raspberry Pi, model B. A boot SD card for the Raspberry Pi. A usb HDD An Ethernet cable to connect to the lo…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question