How do I turn off SSL v2 on port 10000

#1 Mon, 12/15/2008 - 08:01
mrdale

How do I turn off SSL v2 on port 10000? This is the last item I have to take care of to get a PCI certification.

Thanks in advance.

Mon, 12/15/2008 - 08:09
andreychek

Hi there,

You can disable it by logging into Virtualmin, click Webmin -> Webmin -> Webmin Configuration -> SSL Encryption, and for "Allowed SSL ciphers", add this string to the text box:

HIGH:MEDIUM:-SSLv2:!ADH

And that will do it!

Don't try setting "SSL protocol version" to anything but "detect automatically", as that won't work -- but you'll disable SSLv2 traffic with the above string.
-Eric

Mon, 12/15/2008 - 08:26
mrdale

Thanks Big

So how would I test whether this has taken effect?

Mon, 12/15/2008 - 08:31 (Reply to #3)
andreychek

To see it work using SSLv3, type this from the command line:

openssl s_client -connect YOUR_HOST_NAME.tld:10000 -ssl3

That's what it looks like when a protocol is enabled.

Then try it with SSLv2 using this:

openssl s_client -connect YOUR_HOST_NAME.tld:10000 -ssl2

You should see a few errors, including this one:

12731:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:

Which is essentially saying that SSLv2 is disabled.
-Eric
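
Added example, not part of the thread and not Webmin's or OpenSSL's code: a Python check for the same thing on machines where the local openssl client has no -ssl2 option. It sends an SSLv2 CLIENT-HELLO (layout per the SSL 2.0 specification) to the port and classifies the first reply. Assumptions: the status labels are this example's own, and "sslv2-no-ciphers" (a SERVER-HELLO with an empty cipher list) is taken to be the case behind the "no cipher list" error quoted above.

```python
import socket
import struct
import sys

# The seven SSLv2 cipher kinds (3 bytes each) defined by the SSL 2.0 specification.
SSL2_CIPHERS = [b"\x01\x00\x80", b"\x02\x00\x80", b"\x03\x00\x80",
                b"\x04\x00\x80", b"\x05\x00\x80", b"\x06\x00\x40", b"\x07\x00\xc0"]

def build_client_hello(challenge=b"\x00" * 16):
    """Return an SSLv2 CLIENT-HELLO record offering every SSLv2 cipher kind."""
    specs = b"".join(SSL2_CIPHERS)
    # msg type 1, version 0x0002, cipher-spec len, session-id len, challenge len
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    # Two-byte record header: high bit set, 15-bit length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_response(data):
    """Classify the first bytes a server returns after an SSLv2 CLIENT-HELLO."""
    if not data:
        return "sslv2-refused"            # closed without answering
    if data[0] in (0x15, 0x16) and len(data) > 1 and data[1] == 0x03:
        return "sslv2-refused"            # SSLv3/TLS record (alert or handshake)
    if len(data) < 3 or not data[0] & 0x80:
        return "unknown"
    msg_type = data[2]
    if msg_type == 0:                     # SSLv2 ERROR message
        return "sslv2-refused"
    if msg_type != 4 or len(data) < 13:   # 4 = SERVER-HELLO
        return "unknown"
    # hit, cert type, version, cert length, cipher-specs length, conn-id length
    _hit, _ctype, _ver, _clen, cipher_len, _idlen = struct.unpack(">BBHHHH", data[3:13])
    return "sslv2-no-ciphers" if cipher_len == 0 else "sslv2-enabled"

def probe(host, port=10000, timeout=5.0):
    """Send the hello to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            return classify_response(sock.recv(4096))
        except ConnectionResetError:
            return "sslv2-refused"

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 10000))
```

Run it with the host name and, optionally, the port (10000 by default); any result other than "sslv2-enabled" means no SSLv2 session can be negotiated.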

Mon, 12/15/2008 - 08:55 (Reply to #4)
mrdale

Many Thanks!
