LiteSpeed Technologies
#1
02-19-2013, 01:41 PM
bangsters
Member
Join Date: Dec 2011
Posts: 40
PCI compliance - disable SSLv2

Hi. Our InterWorx box runs on CloudLinux and LiteSpeed. We need to disable SSLv2 for PCI compliance.

How can we accomplish this? Is this something we need to disable on the LiteSpeed side?

Please advise.

Thanks
#2
02-19-2013, 02:12 PM
bangsters
Member
Join Date: Dec 2011
Posts: 40
We edited the ssl.conf files and changed some settings. If we try to do a test, this is what we get:


[root@server ~]# openssl s_client -ssl2 -connect 1xx.xxx.121.xxx:443
CONNECTED(00000003)
140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 422 bytes and written 45 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1361311678
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
[root@node1 ~]#


Doesn't this mean that SSLv2 is being rejected? If so, then the server should have passed PCI scanning regarding the SSLv2.

Any idea? Am I missing a step?
#3
02-19-2013, 02:48 PM
webizen
LiteSpeed Staff
Join Date: Oct 2010
Posts: 2,339
Quote:
Originally Posted by bangsters
...
CONNECTED(00000003)
140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
...
This indicates SSL2 is disabled.
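How to read the transcript discussed in the posts above, as an added example that is not part of the thread or LiteSpeed's own tooling: the deciding line is the negotiated cipher, not the `Protocol` or `Verify return code` fields. The function name and the second and third sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_probe reads an `openssl s_client` transcript on stdin:
#   negotiated   - a cipher was agreed, so the probed protocol is enabled
#   rejected     - TCP connected but no cipher was agreed
#   inconclusive - no connection or no summary line (host down, or a client
#                  built without the protocol), which proves nothing
# "Protocol : SSLv2" and "Verify return code: 0 (ok)" are ignored on purpose:
# both appear in the failed handshake posted in the thread.
classify_probe() {
    awk '
        { sub(/\r$/, "") }
        /^CONNECTED\(/       { connected = 1 }
        /^New, .*Cipher is / { cipher = $NF }   # "(NONE)" or a cipher name
        END {
            if (!connected || cipher == "") print "inconclusive"
            else if (cipher == "(NONE)")    print "rejected"
            else                            print "negotiated"
        }'
}

# Trimmed from the transcript posted in the thread.
sample_rejected() { cat <<'EOF'
CONNECTED(00000003)
140621945898824:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:430:
New, (NONE), Cipher is (NONE)
Protocol : SSLv2
Cipher : 0000
Verify return code: 0 (ok)
EOF
}

# Constructed: what a server that still accepts SSLv2 would return.
sample_negotiated() { cat <<'EOF'
CONNECTED(00000003)
New, SSLv2, Cipher is DES-CBC3-MD5
Protocol : SSLv2
Cipher : DES-CBC3-MD5
EOF
}

# Constructed: the client itself cannot speak SSLv2, so nothing was tested.
sample_no_client_support() { echo 'unknown option -ssl2'; }

for s in sample_rejected sample_negotiated sample_no_client_support; do
    printf '%-26s %s\n' "$s" "$($s | classify_probe)"
done
# Live use (HOST is a placeholder):
#   openssl s_client -ssl2 -connect HOST:443 </dev/null 2>&1 | classify_probe
```

A `rejected` result covers only the address and port that were probed.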
#4
02-19-2013, 02:50 PM
bangsters
Member
Join Date: Dec 2011
Posts: 40
Quote:
Originally Posted by webizen
This indicates SSL2 is disabled.
Yes, that's what I thought too. But then the PCI report came out with 3 failures, all related to SSLv2...

I'm having it run again.

Thanks, webizen, for all your help.