1. Introduction 1.1. Audience. Life with qmail is aimed at everyone interested in running qmail, from the rank amateur (newbie) who just installed Linux on a spare PC. Kloxo-MR is another alternative of free web hosting / server control panel that can be solution for you who don’t want to manually install webserver, MySQL and PHP. Linux Internet Web Server and Domain Configuration Tutorial HowTo Create an Apache based Linux website server. Create a web server with Linux, Apache, FTP and bind.

Disable SSLv2 System Wide | Adam Young.

For anyone that has had to deal with any of the "PCI auditing" companies you know how much of a pain in the ass SSLv. But, there's a few pretty easy ways to clear it up.

Compile OpenSSL without SSLv. Ok this one is actually a joke. I hear it's possible but really who is going to waste the time.

Disable it per-application. So you only got busted for having SSLv. Here's some basics. For the rest use Option 3 or RTFM and post in the comments ;-) Once you edit the correct files, Test for SSLv.

Add the following line to your httpd. SSLProtocol ALL - SSLv. A more secure method to make sure you pass PCI compliance is this: SSLCipherSuite HIGH: ! SSLv. ADH: ! a. NULL: ! NULL: ! NULL

dovecot 1. Add this line to your dovecot. HIGH: MEDIUM: +TLSv. SSLv. 2: +SSLv. 3

IIS 5. Microsoft has two articles on this, pick your poison: http: //support.

Add to lighttpd.conf: ssl. SSLv. 3, TLSv. 1.

TlsCipherList HIGH: MEDIUM: +TLSv. SSLv. 2: +SSLv. 3

slapd

slapd. TLSCipherSuite HIGH: MEDIUM: +TLSv. SSLv. 2: +SSLv. 3

vsftpd (This is only if you have SSL support enabled). NO

Note on cipher lists: In the above examples I used HIGH: MEDIUM: +TLSv. SSLv. 2: +SSLv. 3 but really if you just want to disable SSLv. ALL: ! SSLv. 2. Or you can come up with your own cipher list like ALL: ! ADH: ! LOW: ! SSLv. EXP: +HIGH: +MEDIUM.

This is the penicillin of the SSL world. It will cure your problems.
Use this to fix those pesky programs (except FTP) that don't allow you to edit the cipher list or worst of all, don't have SSL support.

Check if it's currently installed (probably if you're using RHEL): which stunnel. If it's not installed, try to get it from the repositories:

CentOS/RHEL: yum install stunnel.
Ubuntu/Debian: apt-get install stunnel.
Other: Compile from source. It's simple. Latest non-experimental build at time of writing was 4.

You'll also want to install the init file. If using RHEL/CentOS: chkconfig --add stunnel.

Set up the Stunnel certificate. I set a valid period for 1. I don't like dealing with these things. When it asks for the FQDN enter your server address (ex: adamyoung.

Set up /etc/stunnel/stunnel. For this example I'll use dovecot because I mentioned above that dovecot. You may also want to secure the server you send outgoing mail to. First, check to make sure something else (postfix?) doesn't have the port open with netstat -an | grep 4. If you see a line like this. LISTEN. Then you're already taken care of. Otherwise, add the following lines to /etc/stunnel/stunnel.

Next up, you need to tell dovecot to stop listening on the IMAPS and POPS ports. Edit the protocols line of /etc/dovecot.

Last step! Restart dovecot and start stunnel (in RHEL/CentOS you can use the service command instead).

HOSTNAME: PORT - ssl. If you receive the certificate and a ton of other lines, you still have SSLv. Otherwise, if you receive anything like these you're fine: write: errno=5. F0. E5: SSL routines: SSL2_WRITE: ssl handshake failure: s.