====== Apache 關閉 SSL v2 的方式 ======
  * OS : CentOS 4 (CentOS 5 預設就是關閉, 可以不用處理)
  * httpd-2.0.52-41.ent.6.centos4
  * mod_ssl-2.0.52-41.ent.6.centos4

===== 設定關閉 SSL v2 =====
**重點只是在設定檔內增加 SSLProtocol all -SSLv2**
<code sh>
vi /etc/httpd/conf.d/ssl.conf
</code>
<file>
:
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

SSLProtocol all -SSLv2

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
:
</file>
<code sh>
service httpd restart
</code>
===== 驗證確認是否關閉 =====
<code sh>
echo "HEAD / HTTP 1.0" | openssl s_client -ssl2 -connect localhost:443
</code>
**正常應該要出現類似以下訊息**
<file>
CONNECTED(00000003)
21125:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
[root@eddev ~]#
</file>

**如果出現類似以下訊息表示可支援 SSL v2**
<file>
:
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: EEB8BC7BB76FF59A8AA046D531891D7B
    Session-ID-ctx:
    Master-Key: 9CDDA4BEB0E47E9087248343F0C335CE61CB762B4C77E6AF
    Key-Arg   : D0DCAB07A908DE66
    Krb5 Principal: None
    Start Time: 1265596203
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
DONE
</file>

===== 參考網頁 =====
  * http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
  * http://www.securityfocus.com/infocus/1818

{{tag>apache centos4 ssl https}}