Test for SSL version
Most web servers that run SSL (https) run on SSL version 3 or TLS version 1. There are still some outdated servers running SSL version 2.
To check if your web server is running SSL v2.0, run this on your Unix/Linux console:
openssl s_client -connect localhost:443 -ssl2
If it shows an error like
SSL2_WRITE:ssl handshake failure:s2_pkt.c, it means SSL v2.0 has been disabled.
EXAMPLE: Lets test if slashdot.org is running SSL v2.0 or v3.0.
Check for SSL version 2
$ openssl s_client -connect slashdot.org:443 -ssl2 CONNECTED(00000004) 11358:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
Check for SSL version 3
$ openssl s_client -connect slashdot.org:443 -ssl2 CONNECTED(00000004) depth=0 /C=US/O=slashdot.org/OU=3246035501/OU=See www.geotrust.com/resources/cps (c)08/OU= Domain Control Validated - QuickSSL(R)/CN=slashdot.org verify error:num=20:unable to get local issuer certificate verify return:1 ........ ........ ........ New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : RC4-MD5
Enable version SSLv3 and disable SSLv2
Edit Apache's ssl.conf and include these lines at minimum:
SSLProtocol -all +SSLv3 SSLCipherSuite SSLv3:+HIGH:+MEDIUM
Restart Apache and you're good to go.
Created on 01 October 2008
Affiliate Disclosure: Some of the links to products on this blog are affiliate links. It simply means, at no additional cost to you, we’ll earn a commission if you click through and buy any product.