Re: Disabling sslv2 on linux for port 636.



Rohit khaladkar wrote:
Here they are :
[root@puiqtk01 conf]# lsof -i :636
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
slapd 3498 ldap 9u IPv6 11266 TCP *:ldaps (LISTEN)
slapd 3498 ldap 10u IPv4 11267 TCP *:ldaps (LISTEN)

Showing this has nothing at all to do with apache.

Is this server an LDAP server, as well? Do you use it as one, or is it required
for logins? If none of the above is true, then you need to shut down the LDAP
daemon.

mark

Thanks!
Rohit Khaladkar

On Tue, Jun 2, 2009 at 8:32 PM, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx> wrote:

Can you run (as root)

lsof -i :636

and paste the results?

Cheers,
Harry


Rohit khaladkar wrote:

Thanks Nigel.
I am editing /opt/ABC/CCR/Apache2/conf/ssl.conf file.






On Tue, Jun 2, 2009 at 8:04 PM, Nigel Wade <nmw@xxxxxxxxxxxx> wrote:

Rohit khaladkar wrote:
Hi All, I want to disable ssl2 on a linux server for Port 636. Here is the
procedure that I followed:

1) Edited ssl.conf and added the following entries in it.

SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL
SSLProtocol -All +SSLv3 +TLSv1

2)Restarted Apache service.

3)Restarted network.

I checked if ssl2 is disabled using the following command :

openssl s_client -connect hostname:636 -ssl2

where hostname= server name

But it still shows me the certificate. I even tried rebooting the machine,
but no luck.

Am I missing anything here?


Port 636 is normally the ldaps port, i.e. SSL encrypted LDAP. Are you really
listening on that port with Apache? Which ssl.conf did you edit, a full path
would be rather more specific than just a filename?

Maybe you want to replace 636 with 443 (https) as the openssl request port.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw@xxxxxxxxxxxx
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
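
The check this thread turned on, as an added example that is not from any of the posters: confirm which daemon owns a port before editing a TLS configuration for it. The function names are hypothetical, the sample input is the lsof output posted above, and `httpd` as Apache's process name is an assumption.

```shell
#!/bin/sh
# Sample input: the lsof output posted in the thread (copied, not a live capture).
LSOF_SAMPLE='COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
slapd 3498 ldap 9u IPv6 11266 TCP *:ldaps (LISTEN)
slapd 3498 ldap 10u IPv4 11267 TCP *:ldaps (LISTEN)'

# listeners: read `lsof -i :PORT` output on stdin and print one
# "command pid user" line per distinct listening process.
# The header row is skipped; IPv4/IPv6 duplicates collapse via sort -u.
listeners() {
    awk 'NR > 1 && $NF == "(LISTEN)" { print $1, $2, $3 }' | sort -u
}

# check_owner EXPECTED: read lsof output on stdin.
# Returns 0 if every listener is EXPECTED, 1 if another daemon owns the
# port, 2 if nothing is listening at all.
check_owner() {
    expected=$1
    found=$(listeners)
    if [ -z "$found" ]; then
        echo "nothing is listening on that port"
        return 2
    fi
    status=0
    while read -r cmd pid user; do
        if [ "$cmd" != "$expected" ]; then
            echo "port is served by $cmd (pid $pid, user $user), not $expected;" \
                 "TLS settings must be changed in that daemon's configuration"
            status=1
        fi
    done <<EOF
$found
EOF
    return $status
}

# Run against the thread's output, expecting Apache (assumed name: httpd).
# On a live host, as root: lsof -nP -i :636 | check_owner httpd
printf '%s\n' "$LSOF_SAMPLE" | check_owner httpd || true
```

Run against the output above, it reports slapd as the owner of port 636, which is why the `SSLProtocol` and `SSLCipherSuite` lines in Apache's ssl.conf had no effect on the `openssl s_client` result.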



