https://bugzilla.novell.com/show_bug.cgi?id=693479
https://bugzilla.novell.com/show_bug.cgi?id=693479#c3
--- Comment #3 from Adrian Dimcev 2011-05-13 12:27:50 UTC ---
"Suse Linux Enterprise Server 11 SP1 fails to ship a proper SSL/TLS sample
configuration." -> in the context of "The results are somehow mixed." -> where
results = "Specifically basic settings were verified, nothing really advanced;
the SSL/TLS protocols enabled by default(SSL 2.0 to be disabled as per RFC
6176), cipher suites enabled by default(if any weak or export ciphers suites
are enabled), secure renegotiation patch support and the underlying OpenSSL
version shipped with the OS."
"Did not encounter major issues either in quickly have a default SSL site up
and running on Suse Linux Enterprise Server 11 SP1." -> a few words mentioning
that for the test's needed functionality(have a default HTTPS web site up and
running, point the scanner against it and obtain the results) no issues were
encountered and the setup was easy.
So basically it's easy to have a default HTTPS web site up and running but in
terms of SSL protocol version and cipher suites support the default
configuration is inappropriate.
Thanks,
Adrian
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.