Differences

This shows the differences between the two versions.

tech:apache_sslv2 [2010/02/08 10:33] – created jonathan
tech:apache_sslv2 [2010/02/08 10:34] (current) jonathan
Line 1: Line 1:
 +====== Apache 關閉 SSL v2 的方式 ======
 +  * OS : CentOS 4 (CentOS 5 預設就是關閉, 可以不用處理)
 +  * httpd-2.0.52-41.ent.6.centos4
 +  * mod_ssl-2.0.52-41.ent.6.centos4
  
 +===== 設定關閉 SSL v2 =====
 +**重點只是在設定檔內增加 SSLProtocol all -SSLv2**
 +<code sh>
 +vi /etc/httpd/conf.d/ssl.conf
 +</code>
 +<file>
 +:
 +#   SSL Engine Switch:
 +#   Enable/Disable SSL for this virtual host.
 +SSLEngine on
 +
 +SSLProtocol all -SSLv2
 +
 +#   SSL Cipher Suite:
 +#   List the ciphers that the client is permitted to negotiate.
 +#   See the mod_ssl documentation for a complete list.
 +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
 +:
 +</file>
 +<code sh>
 +service httpd restart
 +</code>
 +===== 驗證確認是否關閉 =====
 +<code sh>
 +echo "HEAD / HTTP 1.0" | openssl s_client -ssl2 -connect localhost:443
 +</code>
 +**正常應該要出現類似以下訊息**
 +<file>
 +CONNECTED(00000003)
 +21125:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
 +[root@eddev ~]#
 +</file>
 +
 +**如果出現類似以下訊息表示可支援 SSL v2**
 +<file>
 +:
 +---
 +New, SSLv2, Cipher is DES-CBC3-MD5
 +Server public key is 1024 bit
 +SSL-Session:
 +    Protocol  : SSLv2
 +    Cipher    : DES-CBC3-MD5
 +    Session-ID: EEB8BC7BB76FF59A8AA046D531891D7B
 +    Session-ID-ctx:
 +    Master-Key: 9CDDA4BEB0E47E9087248343F0C335CE61CB762B4C77E6AF
 +    Key-Arg   : D0DCAB07A908DE66
 +    Krb5 Principal: None
 +    Start Time: 1265596203
 +    Timeout   : 300 (sec)
 +    Verify return code: 18 (self signed certificate)
 +---
 +DONE
 +</file>
 +
 +===== 參考網頁 =====
 +  * http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
 +  * http://www.securityfocus.com/infocus/1818
 +
 +{{tag>apache centos4 ssl https}}
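
Review bot: the SSLCipherSuite line that sits right after the new SSLProtocol all -SSLv2 still ends in :+LOW:+SSLv2:+EXP, and in an OpenSSL cipher string a leading + only moves those ciphers to the end of the list, it does not remove them. With SSLv2 switched off at the protocol level, the LOW and 40-bit export suites therefore remain negotiable over SSLv3/TLSv1. Suggest tightening that line in the same edit, for example by ending it with :!SSLv2:!LOW:!EXP, and saying on the page that the protocol directive alone does not remove weak ciphers. Two smaller points: the request string in the verification command, "HEAD / HTTP 1.0", is missing the slash (HTTP/1.0), which does not change the handshake result but will trip up anyone reusing it; and the ssl.conf comment notes that the setting applies to "this virtual host", so each SSL virtual host should be checked with the same openssl s_client -ssl2 test, not only localhost:443. Running apachectl configtest before service httpd restart would catch a typo in ssl.conf before the server is taken down.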