El 19/04/11 11:14, Jan-Simon Möller escribió:
Am Dienstag, 19. April 2011, 15:59:08 schrieb Cristian Rodríguez:
Yes, it is unstable atm, also, it allows SSLv2 ! looks like someone forgot to disable it in the vhost configuration...
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP: +eNULL
How should this line look like then ?
Still SSlv2 is enabled, including very weak ciphers /sslscan --renegotiation --no-failed login.opensuse.org cristian@linux-us4g _ ___ ___| |___ ___ __ _ _ __ / __/ __| / __|/ __/ _` | '_ \ __ __ \ __ \ (_| (_| | | | | |___/___/_|___/_____,_|_| |_| sslscan version 1.8.3rc3 OpenSSL 1.0.0d 8 Feb 2011 Testing SSL server login.opensuse.org on port 443 TLS renegotiation: Secure session renegotiation supported Supported Server Cipher(s): Accepted SSLv2 168 bits DES-CBC3-MD5 Accepted SSLv2 128 bits RC2-CBC-MD5 Accepted SSLv2 128 bits RC4-MD5 Accepted SSLv2 56 bits DES-CBC-MD5 Accepted SSLv2 40 bits EXP-RC2-CBC-MD5 Accepted SSLv2 40 bits EXP-RC4-MD5 Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 256 bits CAMELLIA256-SHA Accepted SSLv3 168 bits EDH-RSA-DES-CBC3-SHA Accepted SSLv3 168 bits DES-CBC3-SHA Accepted SSLv3 128 bits DHE-RSA-AES128-SHA Accepted SSLv3 128 bits DHE-RSA-CAMELLIA128-SHA Accepted SSLv3 128 bits AES128-SHA Accepted SSLv3 128 bits CAMELLIA128-SHA Accepted SSLv3 128 bits RC4-SHA Accepted SSLv3 128 bits RC4-MD5 Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA Accepted SSLv3 56 bits DES-CBC-SHA Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA Accepted SSLv3 40 bits EXP-DES-CBC-SHA Accepted SSLv3 40 bits EXP-RC2-CBC-MD5 Accepted SSLv3 40 bits EXP-RC4-MD5 Accepted TLSv1 256 bits DHE-RSA-AES256-SHA Accepted TLSv1 256 bits DHE-RSA-CAMELLIA256-SHA Accepted TLSv1 256 bits AES256-SHA Accepted TLSv1 256 bits CAMELLIA256-SHA Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA Accepted TLSv1 168 bits DES-CBC3-SHA Accepted TLSv1 128 bits DHE-RSA-AES128-SHA Accepted TLSv1 128 bits DHE-RSA-CAMELLIA128-SHA Accepted TLSv1 128 bits AES128-SHA Accepted TLSv1 128 bits CAMELLIA128-SHA Accepted TLSv1 128 bits RC4-SHA Accepted TLSv1 128 bits RC4-MD5 Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA Accepted TLSv1 56 bits DES-CBC-SHA Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA Accepted TLSv1 40 bits EXP-DES-CBC-SHA Accepted TLSv1 40 bits EXP-RC2-CBC-MD5 Accepted TLSv1 40 bits EXP-RC4-MD5 Prefered Server Cipher(s): SSLv2 168 bits DES-CBC3-MD5 SSLv3 256 bits DHE-RSA-AES256-SHA TLSv1 256 bits DHE-RSA-AES256-SHA -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org