Message149853
| Author |
naif |
| Recipients |
gregory.p.smith, naif, pitrou |
| Date |
2011年12月19日.12:52:59 |
| SpamBayes Score |
0.0066342303 |
| Marked as misclassified |
No |
| Message-id |
<1324299180.03.0.495012472007.issue13636@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
To disable SSLv2 you must specifically disable it.
Look, i tried a server we're working on http://github.com/hellais/tor2web that's running on:
privacyresearch.infosecurity.ch port 8888
With 'HIGH:!aNULL:!eNULL' SSLv2 can connect:
openssl s_client -connect privacyresearch.infosecurity.ch:8888 -ssl2
SSLv2, Cipher is DES-CBC3-MD5
So it negotiated SSLv2 with 3DES that's not a good choice, SSLv2 must be disabled.
We must disable SSLv1 with !SSLv2, for example i am using just now 'HIGH:!aNULL:!eNULL:!SSLv2:@STRENGTH' .
Trying to connect with SSLv2 fail:
openssl s_client -connect privacyresearch.infosecurity.ch:8888 -ssl2
140735092141340:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:
Trying to connect by default, it select a strong cipher (i still didn't setup the dh/stuff):
openssl s_client -connect privacyresearch.infosecurity.ch:8888
Connect with: TLSv1/SSLv3, Cipher is AES256-SHA |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2011年12月19日 12:53:00 | naif | set | recipients:
+ naif, gregory.p.smith, pitrou |
| 2011年12月19日 12:53:00 | naif | set | messageid: <1324299180.03.0.495012472007.issue13636@psf.upfronthosting.co.za> |
| 2011年12月19日 12:52:59 | naif | link | issue13636 messages |
| 2011年12月19日 12:52:59 | naif | create |
|