Ssl2 + ssl3 disable: Difference between revisions

From Xinux Wiki
Zeile 21: Zeile 21:
 
===submission===
 
===submission===
 
*openssl s_client -ssl3 -connect www.example.com:587
 
*openssl s_client -ssl3 -connect www.example.com:587
=Openldap=
+
=Openldap(test)=
 
*cat tls-min.ldif  
 
*cat tls-min.ldif  
 
  dn: cn=config
 
  dn: cn=config
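Review bot: The renamed heading `=Openldap(test)=` does not say what "(test)" means: an untested recipe, or a test step like the `s_client` check directly above it. State that in a sentence under the heading and put a space before the parenthesis. Separately, the unchanged context line `openssl s_client -ssl3 -connect www.example.com:587` targets the submission port, which starts as plaintext SMTP and upgrades via STARTTLS, so without `-starttls smtp` the handshake fails whether or not SSLv3 is disabled and the check proves nothing.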
Zeile 27: Zeile 27:
 
  replace: olcTLSProtocolMin
 
  replace: olcTLSProtocolMin
 
  olcTLSProtocolMin: 3.2
 
  olcTLSProtocolMin: 3.2
*cat tls-min.ldif | ldapmodify -Y EXTERNAL -H ldapi:///
+
*ldapmodify -Y EXTERNAL -H ldapi:/// -f tls-min.ldif
  
 
=Source=
 
=Source=
 
*https://www.heinlein-support.de/blog/security/deaktivieren-sie-sslv3-apachepostfixdovecot-poodle-bug/
 
*https://www.heinlein-support.de/blog/security/deaktivieren-sie-sslv3-apachepostfixdovecot-poodle-bug/
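Review bot: The OpenLDAP section ends at the `ldapmodify` call with no check that the setting took effect and no explanation of the value `3.2`. `olcTLSProtocolMin: 3.2` sets the minimum to TLS 1.1 (3.0 is SSLv3, 3.1 is TLS 1.0), so it also rejects TLS 1.0 clients, which goes further than the SSLv2/SSLv3 goal in the page title. Say so next to the LDIF, and add an `openssl s_client` check against the LDAP TLS port in the same style as the submission test. Replacing `cat tls-min.ldif |` with `-f tls-min.ldif` is fine as it stands.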

Revision as of 14:00, 5 November 2018

Apache2 SSLv3 deactivate

  • cat /etc/apache2/httpd.conf
SSLProtocol ALL -SSLv2 -SSLv3

Dovecot SSLv3 deactivate

  • cat /etc/dovecot/conf.d/10-ssl.conf
ssl_protocols = !SSLv2 !SSLv3

Postfix SSLv3 deactivate

  • cat /etc/postfix/main.cf
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2 !SSLv3
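
The settings above use two list syntaxes (Apache's ALL/+name/-name and the Postfix/Dovecot name/!name form), so grepping for "SSLv3" does not tell you whether it is actually off. The following added example is not part of the wiki page; it evaluates each line into the set of protocols left enabled. Assumptions: the function names are hypothetical, ALL is modelled pessimistically as all six protocol names (what it expands to depends on the mod_ssl/OpenSSL build), and tokens outside that list raise KeyError rather than being guessed at.

```python
import re

PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
CANON = {p.lower(): p for p in PROTOCOLS}
LEGACY = {"SSLv2", "SSLv3"}
SETTING = re.compile(r"(SSLProtocol|ssl_protocols|smtpd?_tls_(?:mandatory_)?"
                     r"protocols)\s*=?\s*(.+)", re.IGNORECASE)

def enabled_protocols(directive, value):
    """Return the set of protocols that a directive value leaves enabled."""
    tokens = [t for t in re.split(r"[\s,:]+", value.strip()) if t]
    if directive.lower() == "sslprotocol":      # Apache: ALL, +name, -name
        enabled = set()
        for tok in tokens:
            sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
            group = set(PROTOCOLS) if name.lower() == "all" else {CANON[name.lower()]}
            if sign == "-":
                enabled -= group
            elif sign == "+":
                enabled |= group
            else:                               # a bare name replaces the set
                enabled = group
        return enabled
    # Postfix/Dovecot: "name" includes, "!name" excludes; no includes = all.
    include = {CANON[t.lower()] for t in tokens if not t.startswith("!")}
    exclude = {CANON[t[1:].lower()] for t in tokens if t.startswith("!")}
    return (include or set(PROTOCOLS)) - exclude

def audit(config_text):
    """Return [(directive, legacy protocols still enabled)] per setting line."""
    findings = []
    for line in config_text.splitlines():
        m = SETTING.match(line.split("#", 1)[0].strip())
        if m:
            legacy = enabled_protocols(m.group(1), m.group(2)) & LEGACY
            findings.append((m.group(1), sorted(legacy)))
    return findings

# Constructed sample: lines 1-3 are this page's settings, 4-5 are made up.
SAMPLE = """\
SSLProtocol ALL -SSLv2 -SSLv3
ssl_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2
SSLProtocol -ALL +TLSv1.2
"""

for directive, legacy in audit(SAMPLE):
    print(directive, "legacy protocols still enabled:", legacy or "none")
```
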

Tests

Apache2

  • openssl s_client -ssl3 -connect www.example.com:443

Dovecot

  • openssl s_client -ssl3 -connect www.example.com:993

Postfix

smtps

  • openssl s_client -ssl3 -connect www.example.com:465

submission

  • openssl s_client -ssl3 -starttls smtp -connect www.example.com:587

Openldap(test)

  • cat tls-min.ldif
dn: cn=config
changetype: modify
replace: olcTLSProtocolMin
olcTLSProtocolMin: 3.2
  • ldapmodify -Y EXTERNAL -H ldapi:/// -f tls-min.ldif

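Source

  • https://www.heinlein-support.de/blog/security/deaktivieren-sie-sslv3-apachepostfixdovecot-poodle-bug/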