RCM 6.7 shows vulnerabilities with Apache 1.3.33
Originally Published: 2007-05-11
Article Number
Applies To
RSA Certificate Manager 6.7
Sun Solaris 2.8
Apache 1.3.33
Issue
38139 - SSL Server Has SSLv2 Enabled Vulnerability
38140 - SSL Server Supports Weak Encryption Vulnerability
Resolution
1. Open the file WebServer/conf/httpd.conf in a text editor
2. To restrict ciphersuite and Secure Transport Protocol in the httpd.conf file, alter all three occurrences of the SSLCipherSuite configuration option value as follows:
2.1 Locate the line:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL
Note: There are three occurrences of the above text: one for each of the Enrollment, Administration, and Renewal Servers.
2.2 Modify it to:
SSLCipherSuite DES-CBC3-SHA
2.3 On a new line under each altered SSLCipherSuite, add the SSLProtocol configuration option and value:
SSLProtocol +TLSv1
3. Save the httpd.conf file
Notes
Related Articles
How to resolve 'EXP-00000: Export terminated unsuccessfully' error encountered during Oracle Export in Thor Xellerate Number of Views SSA-2022-05: SecurID Authentication Manager Security Update for Third-Party Component Vulnerabilities Number of Views SSA-2022-09: SecurID Authentication Manager Security Update for Third-Party Component Vulnerabilities Number of Views Authentication Manager Log Messages (23001-23091) Number of Views SSA-2022-08: SecurID Authentication Manager Security Update for Third-Party Component Vulnerabilities Number of Views
Trending Articles
Don't see what you're looking for?
