====== Disabling SSL v2 in Apache ======

  * OS: CentOS 4 (on CentOS 5 it is disabled by default, so no action is needed)
  * httpd-2.0.52-41.ent.6.centos4
  * mod_ssl-2.0.52-41.ent.6.centos4

===== Configuring Apache to disable SSL v2 =====

**The key point is simply to add SSLProtocol all -SSLv2 to the configuration file.**

<code sh>
vi /etc/httpd/conf.d/ssl.conf
</code>

<file>
:
#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol all -SSLv2

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
:
</file>

<code sh>
service httpd restart
</code>

===== Verifying that SSL v2 is disabled =====

<code sh>
echo "HEAD / HTTP/1.0" | openssl s_client -ssl2 -connect localhost:443
</code>

**When SSL v2 is disabled, output similar to the following should appear:**

<file>
CONNECTED(00000003)
21125:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
[root@eddev ~]#
</file>

**Output similar to the following means the server still supports SSL v2:**

<file>
:
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: EEB8BC7BB76FF59A8AA046D531891D7B
    Session-ID-ctx:
    Master-Key: 9CDDA4BEB0E47E9087248343F0C335CE61CB762B4C77E6AF
    Key-Arg   : D0DCAB07A908DE66
    Krb5 Principal: None
    Start Time: 1265596203
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
DONE
</file>

===== References =====

  * http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
  * http://www.securityfocus.com/infocus/1818

{{tag>apache centos4 ssl https}}

tech/apache_sslv2.txt Last modified: 2010/02/08 10:34 by jonathan
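An added example, not part of the original page: a shell function that audits a configuration file such as /etc/httpd/conf.d/ssl.conf for the SSLProtocol setting described above, so the check can be repeated across hosts before running the openssl test. The function name sslv2_audit, the sample input, and the parsing model (a bare token replaces the protocol set, "+" adds, "-" removes, and the httpd 2.0 default is "all") are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit SSLProtocol directives.
# Assumed model of mod_ssl parsing: a bare token replaces the protocol set,
# "+name" adds to it, "-name" removes from it, and "all" includes SSLv2.
# Returns 0 when every active directive excludes SSLv2, 1 otherwise.
sslv2_audit() {
    awk '
    /^[ \t]*#/ { next }                       # ignore commented-out lines
    tolower($1) == "sslprotocol" {
        seen = 1; on = 0                      # each directive starts empty
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = ""
            if (t ~ /^[+-]/) { sign = substr(t, 1, 1); t = substr(t, 2) }
            has = (t == "all" || t == "sslv2")
            if (sign == "-")      { if (has) on = 0 }
            else if (sign == "+") { if (has) on = 1 }
            else                  on = has    # bare token replaces the set
        }
        printf "%d: SSLv2 %s: %s\n", NR, (on ? "ENABLED" : "disabled"), $0
        if (on) bad = 1
    }
    END {
        if (!seen) {
            # Assumption: with no directive, httpd 2.0 falls back to "all".
            print "no SSLProtocol directive: default \"all\" includes SSLv2"
            bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample input: the directive this page adds to ssl.conf.
sample=$(mktemp)
printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2' > "$sample"
sslv2_audit "$sample" || echo "SSLv2 is still permitted by this file"
rm -f "$sample"
```

A clean result only describes the file; the openssl s_client -ssl2 test above remains the check against the running server.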