Solved

cert question in Linux

Posted on 2014-10-05
2
311 Views
Last Modified: 2014-10-16
I need help answering the following question i came accross ....

A client has had a security assessment conducted of the web servers in their environment. They want the servers to be configured to disable SSL version 2, and to only accept SSL ciphers greater than, or equal to, 128 bits. The web servers in the environment consist of Apache 2.2 on Red Hat Enterprise Linux 6, IIS 6 on Windows Server 2003, and IIS 7.5 on Windows Server 2008 R2. Please answer the following questions:

a)      How do you test the servers to determine which SSL versions and ciphers are currently supported / accepted?
b)      What changes are needed for each of the web servers / operating systems to meet the client's requirements?
0
Comment
Question by:c_hockland
  • 2
2 Comments
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
ID: 40362441
a) I'd use free qualys SSL server test on public servers.
b) In general removing unused HTTPS:// listener completely eliminates all SSL versions
SSLv2 is disabled in RHEL5+ and IIS7+
Can you tell if they use mod_ssl or mod_nss at least for RHEL6?
It needs OpenSSL and NSS upgrades firsthand to patch holes bigger than SSLv2.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40385340
Now you can repeat the drill and disable SSLv3 too thanks to some curly haired doggies.
(sure if your customer agrees to pay)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now