?
Solved

cert question in Linux

Posted on 2014-10-05
2
Medium Priority
?
335 Views
Last Modified: 2014-10-16
I need help answering the following question i came accross ....

A client has had a security assessment conducted of the web servers in their environment. They want the servers to be configured to disable SSL version 2, and to only accept SSL ciphers greater than, or equal to, 128 bits. The web servers in the environment consist of Apache 2.2 on Red Hat Enterprise Linux 6, IIS 6 on Windows Server 2003, and IIS 7.5 on Windows Server 2008 R2. Please answer the following questions:

a)      How do you test the servers to determine which SSL versions and ciphers are currently supported / accepted?
b)      What changes are needed for each of the web servers / operating systems to meet the client's requirements?
0
Comment
Question by:c_hockland
  • 2
2 Comments
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 40362441
a) I'd use free qualys SSL server test on public servers.
b) In general removing unused HTTPS:// listener completely eliminates all SSL versions
SSLv2 is disabled in RHEL5+ and IIS7+
Can you tell if they use mod_ssl or mod_nss at least for RHEL6?
It needs OpenSSL and NSS upgrades firsthand to patch holes bigger than SSLv2.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40385340
Now you can repeat the drill and disable SSLv3 too thanks to some curly haired doggies.
(sure if your customer agrees to pay)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension . This reminded me of questions that come up here at EE along the lines of, "How can I tell the type of file from its cont…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Suggested Courses

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question