You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2017/03/27 12:19:57 UTC

[Bug 60921] New: SSLv2 not getting disabled

https://bz.apache.org/bugzilla/show_bug.cgi?id=60921

            Bug ID: 60921
           Summary: SSLv2 not getting disabled
           Product: Apache httpd-2
           Version: 2.2.31
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: All
          Assignee: bugs@httpd.apache.org
          Reporter: abhishek.patil@diligenta.co.uk
  Target Milestone: ---

I have mentioned below entry in conf/extra/httpd-ssl.conf file but I still I
can see SSLv2 enabled in SSL labs report.

SSLProtocol All -SSLv2 -SSLv3

I tried below thing as well and it is also showing that SSLv2 is enabled!

openssl s_client -connect <target_ip>:<target_port> -ssl2

Any help please?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60921] SSLv2 not getting disabled

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60921

William A. Rowe Jr. <wr...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |LATER
             Status|NEW                         |RESOLVED
           Keywords|                            |MassUpdate

--- Comment #1 from William A. Rowe Jr. <wr...@apache.org> ---
Please help us to refine our list of open and current defects; this is a mass
update of old and inactive Bugzilla reports which reflect user error, already
resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all
development and patch review of the 2.2.x series of releases. The final release
2.2.34 was published in July 2017, and no further evaluation of bug reports or
security risks will be considered or published for 2.2.x releases. All reports
older than 2.4.x have been updated to status RESOLVED/LATER; no further action
is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd
feature, an unexpected server behavior, problems building or installing httpd,
or working with an external component (a third party module, browser etc.) we
ask you to start by bringing your question to the User Support and Discussion
mailing list, see [https://httpd.apache.org/lists.html#http-users] for details.
Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that
you retest using a modern httpd release (2.4.33 or later) released in the past
year. If it can be reproduced, please reopen this bug and change the Version
field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the
current httpd server software release is greatly appreciated.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60921] SSLv2 not getting disabled

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60921

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|LATER                       |INVALID
           Keywords|MassUpdate                  |

--- Comment #2 from Christophe JAILLET <ch...@wanadoo.fr> ---
Setting to INVALID.
This report is for help, not for a bug in httpd. (at least, no evidence is
provided)

Please consider reading https://httpd.apache.org/support.html and using either
IRC or our mailing list for support.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org