Deprecated SSLv2 and SSLv3 Protocol Detection

anagare01
Level 1

How to disable the deprecated SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols on access switches


Philip D'Ath
VIP Alumni

A lot of the time if you just upgrade to current software it gets disabled automatically.

jsah
Cisco Employee

Hi,

To avoid this vulnerability, Red Hat recommends disabling SSL and using only TLSv1.1 or TLSv1.2. Backwards compatibility can be achieved using TLSv1.0. Many products Red Hat supports have the ability to use SSLv2 or SSLv3 protocols, or enable them by default. However, use of SSLv2 or SSLv3 is now strongly recommended against.

The SSL/TLS support in httpd can be provided by the mod_ssl module using the OpenSSL library, or by the mod_nss module using the NSS library.

Examples below enable all TLS versions currently supported by specified product versions.

Disabling SSL 3.0 in mod_ssl:

To mitigate this vulnerability as it affects httpd using mod_ssl, set the SSLProtocol directive as follows in /etc/httpd/conf.d/ssl.conf:

Note: This directive must either be located at the topmost level of the configuration file, or inside the default virtual host configuration for an address.

More information available below: 

https://access.redhat.com/solutions/1232413
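
An added example, not part of the replies above and not Red Hat's or Cisco's code: a small auditor that reads an httpd configuration and reports every `SSLProtocol` directive that still leaves SSLv2 or SSLv3 enabled. The sample configuration is constructed, and the handling of `all` and of unprefixed tokens is an assumption noted in the comments.

```python
import re

LEGACY = {"sslv2", "sslv3"}
# Assumption: "all" is expanded to every protocol, legacy ones included,
# because its real meaning depends on the httpd and OpenSSL build in use.
ALL = LEGACY | {"tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right; return the enabled set."""
    enabled = set()
    for token in args.lower().split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):]
        group = ALL if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            # Assumption: an unprefixed token replaces what was set so far.
            enabled = set(group)
    return enabled

def audit(config_text):
    """Return (line_number, arguments, legacy_protocols) per risky directive."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out directives do not match
        legacy = sorted(effective_protocols(match.group(1)) & LEGACY) if match else []
        if legacy:
            findings.append((number, match.group(1), legacy))
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
SSLProtocol all
<VirtualHost _default_:443>
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    sslprotocol -all +TLSv1.2 +SSLv3
    # SSLProtocol +SSLv3
</VirtualHost>
"""

if __name__ == "__main__":
    for number, args, legacy in audit(SAMPLE):
        print(f"line {number}: SSLProtocol {args} -> enables {', '.join(legacy)}")
```

Each directive is judged on its own line; inheritance between the server level and virtual hosts is not modelled.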