Linux Admin Zone » ssl http://linuxadminzone.com Adding more reasons to celebrate Open Source. Wed, 09 May 2012 10:17:54 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 Disable ssl ver 2 in apache for pci compliance http://linuxadminzone.com/disable-ssl-ver-2-in-apache-for-pci-compliance/ http://linuxadminzone.com/disable-ssl-ver-2-in-apache-for-pci-compliance/#comments Sat, 23 Jan 2010 16:36:51 +0000 jagbir http://linuxadminzone.com/?p=157 You need to disable SSL ver 2 and enable SSL ver 3 in apache for PCI compliance. Its very easy to do. Following settings will set SSL ver 3 and also disable older/unsecure cipher suite in Redhat/centos/fedora Linux server:
1. Open /etc/httpd/conf.d/ssl.conf and add or if these lines already there, edit them as per follows:

## Disbale SSLv2 and enable SSLv3
SSLProtocol -All +SSLv3 +TLSv1
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

2. Reload httpd service to apply the new settings:

# /etc/init.d/httpd reload

3. Verify the settings by connecting to SSL ver 3 protocol:

# openssl s_client -connect localhost:443 -ssl3

It should connect. you can also try connecting to SSL ver 2 which should result in error. Request the PCI test again and it should not complain about Apache SSL related issues.

]]> http://linuxadminzone.com/disable-ssl-ver-2-in-apache-for-pci-compliance/feed/ 2