Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

cert question in Linux

Posted on 2014-10-05
2
Medium Priority
?
331 Views
Last Modified: 2014-10-16
I need help answering the following question i came accross ....

A client has had a security assessment conducted of the web servers in their environment. They want the servers to be configured to disable SSL version 2, and to only accept SSL ciphers greater than, or equal to, 128 bits. The web servers in the environment consist of Apache 2.2 on Red Hat Enterprise Linux 6, IIS 6 on Windows Server 2003, and IIS 7.5 on Windows Server 2008 R2. Please answer the following questions:

a)      How do you test the servers to determine which SSL versions and ciphers are currently supported / accepted?
b)      What changes are needed for each of the web servers / operating systems to meet the client's requirements?
0
Comment
Question by:c_hockland
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 40362441
a) I'd use free qualys SSL server test on public servers.
b) In general removing unused HTTPS:// listener completely eliminates all SSL versions
SSLv2 is disabled in RHEL5+ and IIS7+
Can you tell if they use mod_ssl or mod_nss at least for RHEL6?
It needs OpenSSL and NSS upgrades firsthand to patch holes bigger than SSLv2.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40385340
Now you can repeat the drill and disable SSLv3 too thanks to some curly haired doggies.
(sure if your customer agrees to pay)
0

Featured Post

Linux Academy Android App Now Supports Chromecast

We have some fantastic news for our Android fans. We’re so excited to announce that the Linux Academy Android app is now available with Chromecast support. That’s right – simply download the latest update of the Linux Academy App and start casting your favorite course videos!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The task of choosing a web design company to build a website for your business should never be taken in a light manner. Provided the fact that your website will act as a representative to your business and will be responsible for imposing an online …
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question