How can we disable SSLv2 ciphers for embedded Apache Webserver that comes with Passive Capture Application (PCA)?

Answer

Contents:

Question:

How can we disable SSLv2 ciphers for embedded Apache Webserver that comes with Passive Capture Application (PCA)?

Answer:

1.Run the command:?

openssl s_client -connect localhost:8443 -ssl2?

It should connect and give you the certificate showing it is working (before we make the change).?

2.Navigate to directory:?

/usr/local/ctccap/etc?

3.Edit the http.conf?file:

vi httpd.conf?

Find the SSL section and add the following line:?

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL?

Change the plus to a ! before LOW and SSLv2 as such:?

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL?

4.Run the Tealeaf commands to cycle httpd?

tealeaf stop httpd?

tealeaf start httpd?

5.Verify this worked by typing the following commands:?

openssl s_client --connect localhost:8443 -ssl2?

It should not connect and should give you an error instead of the certificate showing sslv2 is no longer working?

openssl s_client --connect localhost:8443 -ssl3?should give you the certificate showing it is working?

openssl s_client --connect localhost:8443 -tls1?should also give you the certificate showing it is working

Applies to Version 8.8 (PCA 3620)