But, if you’ve enabled SSLv2 in your webserver install, you’re doing administration wrong. Up to date versions of Apache’s mod_ssl don’t even support SSLv2.
If you absolutely have to have the old versions of mod_ssl installed:
SSLProtocol all -SSLv2 -SSLv3
and check just what is in ‘all’ based on your version of OpenSSL and mod_ssl.
Ummm…..ok.
Yeah, SDA isn’t the first place I come for my server-side security alerts.
Are you OK lance?!
yeah, it’s been a fun day at work. At least there’s ITIL to slow us down…
SSL??? Same s*x lust? Some silly Lib? Super Sleuthful Lance?
Am I missing anything??
Hm, wonder if this is why earth.nullschool.net is down the past few days.