Tâche #11331
Distribution EOLE - Scénario #10951: Désactiver le protocole SSLv3 sur les services web
Désactiver le SSLv3 sur Apache
Status:
Fermé
Priority:
Normal
Assigned To:
Target version:
Remaining (hours):
0.0
Associated revisions
History
#1 Updated by Laurent Flori about 8 years ago
- Assigned To set to Laurent Flori
#2 Updated by Daniel Dehennin about 8 years ago
- Status changed from Nouveau to En cours
#3 Updated by Joël Cuissinat about 8 years ago
- Status changed from En cours to Résolu
#4 Updated by Joël Cuissinat about 8 years ago
- Remaining (hours) changed from 3.0 to 0.25
#5 Updated by Daniel Dehennin about 8 years ago
- Status changed from Résolu to Fermé
- Remaining (hours) changed from 0.25 to 0.0
Ok avec eole-web version 2.4.1-17 en eole-2.4.1-proposed-updates
gnutls-cli-debug --app-proto https -p 443 scribe.ac-test.fr
GnuTLS debug client 3.3.15
Checking scribe.ac-test.fr:443
for SSL 3.0 (RFC6101) support... no
whether we need to disable TLS 1.2... no
whether we need to disable TLS 1.1... no
whether we need to disable TLS 1.0... no
whether %NO_EXTENSIONS is required... no
whether %COMPAT is required... no
for TLS 1.0 (RFC2246) support... yes
for TLS 1.1 (RFC4346) support... yes
for TLS 1.2 (RFC5246) support... yes
for HTTPS server name... Apache
for certificate chain order... sorted
for safe renegotiation (RFC5746) support... yes
for heartbeat (RFC6520) support... no
for version rollback bug in RSA PMS... dunno
for version rollback bug in Client Hello... no
whether the server ignores the RSA PMS version... no
whether small records (512 bytes) are accepted... yes
whether cipher suites not in SSL 3.0 spec are accepted... yes
whether a bogus TLS record version in the client hello is accepted... yes
whether the server understands TLS closure alerts... yes
whether the server supports session resumption... yes
for anonymous authentication support... no
for ephemeral Diffie-Hellman support... yes
for ephemeral EC Diffie-Hellman support... no
for AES-128-GCM cipher (RFC5288) support... yes
for AES-128-CBC cipher (RFC3268) support... yes
for CAMELLIA-128-GCM cipher (RFC6367) support... no
for CAMELLIA-128-CBC cipher (RFC5932) support... yes
for 3DES-CBC cipher (RFC2246) support... yes
for ARCFOUR 128 cipher (RFC2246) support... yes
for MD5 MAC support... no
for SHA1 MAC support... yes
for SHA256 MAC support... yes
for ZLIB compression support... no
for max record size (RFC6066) support... no
for OCSP status response (RFC6066) support... no
for OpenPGP authentication (RFC6091) support... no
#6 Updated by Daniel Dehennin about 8 years ago
- % Done changed from 0 to 100