Project

General

Profile

Tâche #11331

Distribution EOLE - Scénario #10951: Désactiver le protocole SSLv3 sur les services web

Désactiver le SSLv3 sur Apache

Added by Joël Cuissinat over 6 years ago. Updated over 6 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
04/20/2015
Due date:
% Done:

100%

Estimated time:
3.00 h
Spent time:
Remaining (hours):
0.0

Associated revisions

Revision 9c140cb9 (diff)
Added by Laurent Flori over 6 years ago

Désactivation du SSLv3

  • tmpl/Vhost-ssl.conf

refs: #11331 @1h

Revision 8dfb3b9d (diff)
Added by Laurent Flori over 6 years ago

Désactivation du SSLv3

  • tmpl/Vhost-ssl.conf

refs: #11331 @30m

Revision 06546caa (diff)
Added by Joël Cuissinat over 6 years ago

Typo dans SSLProtocol

  • tmpl/Vhost-ssl.conf : correction de la ligne SSLProtocol

Ref: #11331 @10m

Revision d493a69d (diff)
Added by Laurent Flori over 6 years ago

Désactivation du SSLv3

  • tmpl/Vhost-ssl.conf

refs: #11331 @10m

Revision 0d5134fa (diff)
Added by Laurent Flori over 6 years ago

Désactivation du SSLv3 pour 2.4.1 et supérieur

  • tmpl/Vhost-ssl.conf

refs: #11331 @30m

Revision f13802b2 (diff)
Added by Laurent Flori over 6 years ago

Désactivation du SSLv3 pour 2.4.2 et supérieur

  • tmpl/Vhost-ssl.conf

refs: #11331 @10m

History

#1 Updated by Laurent Flori over 6 years ago

  • Assigned To set to Laurent Flori

#2 Updated by Daniel Dehennin over 6 years ago

  • Status changed from Nouveau to En cours

#3 Updated by Joël Cuissinat over 6 years ago

  • Status changed from En cours to Résolu

#4 Updated by Joël Cuissinat over 6 years ago

  • Remaining (hours) changed from 3.0 to 0.25

#5 Updated by Daniel Dehennin over 6 years ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) changed from 0.25 to 0.0

Ok avec eole-web version 2.4.1-17 en eole-2.4.1-proposed-updates

gnutls-cli-debug --app-proto https -p 443 scribe.ac-test.fr
GnuTLS debug client 3.3.15
Checking scribe.ac-test.fr:443
                             for SSL 3.0 (RFC6101) support... no
                        whether we need to disable TLS 1.2... no
                        whether we need to disable TLS 1.1... no
                        whether we need to disable TLS 1.0... no
                        whether %NO_EXTENSIONS is required... no
                               whether %COMPAT is required... no
                             for TLS 1.0 (RFC2246) support... yes
                             for TLS 1.1 (RFC4346) support... yes
                             for TLS 1.2 (RFC5246) support... yes
                                     for HTTPS server name... Apache
                               for certificate chain order... sorted
                  for safe renegotiation (RFC5746) support... yes
                           for heartbeat (RFC6520) support... no
                       for version rollback bug in RSA PMS... dunno
                  for version rollback bug in Client Hello... no
            whether the server ignores the RSA PMS version... no
            whether small records (512 bytes) are accepted... yes
    whether cipher suites not in SSL 3.0 spec are accepted... yes
whether a bogus TLS record version in the client hello is accepted... yes
         whether the server understands TLS closure alerts... yes
            whether the server supports session resumption... yes
                      for anonymous authentication support... no
                      for ephemeral Diffie-Hellman support... yes
                   for ephemeral EC Diffie-Hellman support... no
                  for AES-128-GCM cipher (RFC5288) support... yes
                  for AES-128-CBC cipher (RFC3268) support... yes
             for CAMELLIA-128-GCM cipher (RFC6367) support... no
             for CAMELLIA-128-CBC cipher (RFC5932) support... yes
                     for 3DES-CBC cipher (RFC2246) support... yes
                  for ARCFOUR 128 cipher (RFC2246) support... yes
                                       for MD5 MAC support... no
                                      for SHA1 MAC support... yes
                                    for SHA256 MAC support... yes
                              for ZLIB compression support... no
                     for max record size (RFC6066) support... no
                for OCSP status response (RFC6066) support... no
              for OpenPGP authentication (RFC6091) support... no

#6 Updated by Daniel Dehennin over 6 years ago

  • % Done changed from 0 to 100

Also available in: Atom PDF