I would like to setup an Apache web server (in a VM) which only supports ONLY SSLv2 SSLProtocol for testing purposes. Are there any instructions online for that, or could anyone guide me on that?
Thanks in advance!
Asked
Active
Viewed 366 times
1 Answers
1
go to /conf/extra/httpd-ssl.conf and find out following setting:
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
you can adjust the line started with SSLCipherSuite and select protocol you want to use.
xudesheng
- 1,082
- 11
- 25
-
this is for Ubuntu Apache server? – meta_warrior Mar 26 '17 at 02:33
-
@freak_warrior You can find it in /etc/apache2/mods-available/ssl.conf in Ubuntu 16.04. – xudesheng Mar 26 '17 at 05:53
-
i got an error that 'sslv2 not supported by this version of openssl'... – meta_warrior Mar 26 '17 at 06:36
-
@freak_warrior , I believe sslv2 has been deprecated in latest version due to weaknesses in the security of the protocol. You may have to look for old version of mod_ssl. – xudesheng Mar 26 '17 at 06:51
-
so which version of ubuntu server will have an older version of mod_ssl supporting sslv2? – meta_warrior Mar 26 '17 at 09:43
-
1@freak_warrior it's a matter of openssl, not ubuntu. 1) find out where your current openssl is. 2) follow this link: http://askubuntu.com/questions/463301/how-to-install-apache-with-openssl-1-0-1 3) create a softlink to your current openssl – xudesheng Mar 26 '17 at 12:15