FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux
Reload this Page openssl and weak ciphers

 
 
LinkBack Thread Tools
 
Old 12-11-2008, 04:10 PM
"Jay Berryman"
 
Default openssl and weak ciphers
I am trying to figure out how to disable weak cipher suites within
openssl and haven't had much luck. Does anyone know how to do this?



Jay Berryman
Systems Engineer
+1 402.963.6347 T

+1 402.963.6051 F
jay.berryman@sitel.com



Sitel
5601 N 103rd St
Omaha, NE 68132
+1 402.963.6001
www.sitel.com <http://www.sitel.com/>



**CONFIDENTIAL NOTICE**
This e-mail and any files transmitted with it may contain PRIVILEGED or CONFIDENTIAL information and may be read or used only by the intended recipient. If you are not the intended recipient of the e-mail or any of its attachments, please be advised that you have received this e-mail in error and that any use, dissemination, distribution, forwarding, printing, or copying of this e-mail or any attached files is strictly prohibited. If you have received this e-mail in error, please immediately purge it and all attachments and notify the sender by reply e-mail.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 12-11-2008, 05:11 PM
mark
 
Default openssl and weak ciphers
Jay Berryman wrote:
> I am trying to figure out how to disable weak cipher suites within
> openssl and haven't had much luck. Does anyone know how to do this?

Are you doing this for apache? If so, in the ssl.conf (or whatever you've got
it in, you can change options... I'm having trouble here, since I no longer
work where I was, so I can't just pull configuration files up that I know well,
but remove +LOW, at least.

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 12-11-2008, 05:16 PM
"Rohit khaladkar"
 
Default openssl and weak ciphers
I guess I had this problem earlier. I changed the ssl.conf file as
following:

SSLProtocol all -SSLv2
SSLCipherSuite
ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL


Hope this helps.



Thanks!

Rohit Khaladkar.





On 12/11/08, Jay Berryman <jay.berryman@sitel.com> wrote:
>
> I am trying to figure out how to disable weak cipher suites within
> openssl and haven't had much luck. Does anyone know how to do this?
>
>
>
> Jay Berryman
> Systems Engineer
> +1 402.963.6347 T
>
> +1 402.963.6051 F
> jay.berryman@sitel.com
>
>
>
> Sitel
> 5601 N 103rd St
> Omaha, NE 68132
> +1 402.963.6001
> www.sitel.com <http://www.sitel.com/>
>
>
>
> **CONFIDENTIAL NOTICE**
> This e-mail and any files transmitted with it may contain PRIVILEGED or
> CONFIDENTIAL information and may be read or used only by the intended
> recipient. If you are not the intended recipient of the e-mail or any
> of its attachments, please be advised that you have received this e-mail in
> error and that any use, dissemination, distribution, forwarding, printing,
> or copying of this e-mail or any attached files is strictly prohibited. If
> you have received this e-mail in error, please immediately purge it and all
> attachments and notify the sender by reply e-mail.
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subjectunsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 12-11-2008, 05:41 PM
mark
 
Default openssl and weak ciphers
Rohit khaladkar wrote:
> I guess I had this problem earlier. I changed the ssl.conf file as
> following:
>
> SSLProtocol all -SSLv2
> SSLCipherSuite
> ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL
>
There we go - I believe that line could be rewritten as

ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+SS Lv3:+TLSv1:-SSLv2:+EXP:+eNULL

There's also the question of whether you want to use SSLv1.

mark
>
> Hope this helps.
>
>
>
> Thanks!
>
> Rohit Khaladkar.
>
>
>
>
>
> On 12/11/08, Jay Berryman <jay.berryman@sitel.com> wrote:
>> I am trying to figure out how to disable weak cipher suites within
>> openssl and haven't had much luck. Does anyone know how to do this?
>>
>>
>>
>> Jay Berryman
>> Systems Engineer
>> +1 402.963.6347 T
>>
>> +1 402.963.6051 F
>> jay.berryman@sitel.com
>>
>>
>>
>> Sitel
>> 5601 N 103rd St
>> Omaha, NE 68132
>> +1 402.963.6001
>> www.sitel.com <http://www.sitel.com/>
>>
>>
>>
>> **CONFIDENTIAL NOTICE**
>> This e-mail and any files transmitted with it may contain PRIVILEGED or
>> CONFIDENTIAL information and may be read or used only by the intended
>> recipient. If you are not the intended recipient of the e-mail or any
>> of its attachments, please be advised that you have received this e-mail in
>> error and that any use, dissemination, distribution, forwarding, printing,
>> or copying of this e-mail or any attached files is strictly prohibited. If
>> you have received this e-mail in error, please immediately purge it and all
>> attachments and notify the sender by reply e-mail.
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subjectunsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 03:03 AM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -