Message149853
To disable SSLv2 you must specifically disable it.
Look, i tried a server we're working on http://github.com/hellais/tor2web that's running on:
privacyresearch.infosecurity.ch port 8888
With 'HIGH:!aNULL:!eNULL' SSLv2 can connect:
openssl s_client -connect privacyresearch.infosecurity.ch:8888 -ssl2
SSLv2, Cipher is DES-CBC3-MD5
So it negotiated SSLv2 with 3DES that's not a good choice, SSLv2 must be disabled.
We must disable SSLv1 with !SSLv2, for example i am using just now 'HIGH:!aNULL:!eNULL:!SSLv2:@STRENGTH' .
Trying to connect with SSLv2 fail:
openssl s_client -connect privacyresearch.infosecurity.ch:8888 -ssl2
140735092141340:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
Trying to connect by default, it select a strong cipher (i still didn't setup the dh/stuff):
openssl s_client -connect privacyresearch.infosecurity.ch:8888
Connect with: TLSv1/SSLv3, Cipher is AES256-SHA |
|
Date |
User |
Action |
Args |
2011-12-19 12:53:00 | naif | set | recipients:
+ naif, gregory.p.smith, pitrou |
2011-12-19 12:53:00 | naif | set | messageid: <1324299180.03.0.495012472007.issue13636@psf.upfronthosting.co.za> |
2011-12-19 12:52:59 | naif | link | issue13636 messages |
2011-12-19 12:52:59 | naif | create | |
|