Submitted by helpmin on Mon, 10/27/2014 - 16:14
Like everybody else (hopefully), I fixed the issue by adding
SSLProtocol ALL -SSLv2 -SSLv3
to apache2.conf (and scans showed the fix was OK)
But when I check with "Configure Website for SSL -> ssl options" the SSLv3 flag is still checked (even though it is really disabled).
It looks like a bug, right?
Status:
Closed (fixed)
Comments
Submitted by andreychek on Mon, 10/27/2014 - 17:58 Comment #1
Hmm, yeah, it's doing the same on my system as well.
My suspicion is that since it's not seeing the "SSLProtocol" set in that VirtualHost, it's assuming that all the protocol options are enabled.
Jamie, does that sound like what may be occurring here?
Submitted by JamieCameron on Mon, 10/27/2014 - 18:45 Comment #2
There's a bug in the UI - it isn't handling negative protocols properly. I'll fix that..
Submitted by JamieCameron on Mon, 10/27/2014 - 22:34 Comment #3
The next Webmin release will fix this.
Submitted by Issues on Mon, 11/10/2014 - 21:40 Comment #4
Automatically closed -- issue fixed for 2 weeks with no activity.