Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

cert question in Linux

Posted on 2014-10-05
2
Medium Priority
?
332 Views
Last Modified: 2014-10-16
I need help answering the following question i came accross ....

A client has had a security assessment conducted of the web servers in their environment. They want the servers to be configured to disable SSL version 2, and to only accept SSL ciphers greater than, or equal to, 128 bits. The web servers in the environment consist of Apache 2.2 on Red Hat Enterprise Linux 6, IIS 6 on Windows Server 2003, and IIS 7.5 on Windows Server 2008 R2. Please answer the following questions:

a)      How do you test the servers to determine which SSL versions and ciphers are currently supported / accepted?
b)      What changes are needed for each of the web servers / operating systems to meet the client's requirements?
0
Comment
Question by:c_hockland
  • 2
2 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 40362441
a) I'd use free qualys SSL server test on public servers.
b) In general removing unused HTTPS:// listener completely eliminates all SSL versions
SSLv2 is disabled in RHEL5+ and IIS7+
Can you tell if they use mod_ssl or mod_nss at least for RHEL6?
It needs OpenSSL and NSS upgrades firsthand to patch holes bigger than SSLv2.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40385340
Now you can repeat the drill and disable SSLv3 too thanks to some curly haired doggies.
(sure if your customer agrees to pay)
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Relic recently released its Synthetics product that allows for the creation of performance monitors that periodically test a site's performance. If you wish to test an interactive workflow New Relic employs Selenium WebDriverJS to run those test…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question