Your SSL configuration should have the following options:
```
# This disables old, vulnerable SSL versions (SSLv2):
SSLProtocol -ALL +SSLv3 +TLSv1
# This disables WEAK and MEDIUM strength ciphers:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
```
From a command prompt, run this command, entering your domain name and the port you want to check (the default for HTTP over SSL is 443):
```
openssl s_client -connect YOUR-DOMAIN-NAME-GOES-HERE:THE-PORT-NUMBER-GOES-HERE -ssl2
```
You should get back something like this:
```
CONNECTED(00000003)
82841:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s2_pkt.c:428:
```
If you get back anything else that looks like the connection worked or is doing something, then SSLv2 is enabled, which is *bad*.
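The check above can be scripted so the result is read by a program rather than by eye. This is an added example, not part of the original page: the function names, the verdict words (DISABLED, ENABLED, INCONCLUSIVE) and the second and third sample outputs are constructed for illustration, and it assumes an OpenSSL client that lacks SSLv2 support rejects `-ssl2` with an "unknown option" message.

```shell
#!/bin/sh
# Added example: interpret the output of "openssl s_client ... -ssl2".

# Classify captured s_client output (stdout and stderr combined) passed as $1.
classify_sslv2_probe() {
    probe_out=$1
    # Assumption: a client built without SSLv2 rejects the flag with a message
    # containing "unknown option", so the probe proves nothing about the server.
    if printf '%s\n' "$probe_out" | grep -qi 'unknown option'; then
        echo INCONCLUSIVE
    # A completed handshake prints a session block naming the protocol.
    elif printf '%s\n' "$probe_out" | grep -Eq 'Protocol[[:space:]]*:[[:space:]]*SSLv2'; then
        echo ENABLED
    # The result the page says you should see: the server refused SSLv2.
    elif printf '%s\n' "$probe_out" | grep -qi 'handshake failure'; then
        echo DISABLED
    else
        # Timeouts, refused connections, DNS errors and so on: do not report a pass.
        echo INCONCLUSIVE
    fi
}

# Run the page's command against host $1 and port $2 (default 443).
check_sslv2() {
    probe_host=$1
    probe_port=${2:-443}
    # </dev/null stops s_client waiting for input if the handshake succeeds.
    probe_raw=$(openssl s_client -connect "$probe_host:$probe_port" -ssl2 </dev/null 2>&1) || true
    classify_sslv2_probe "$probe_raw"
}

# Sample 1 is the output shown on this page; samples 2 and 3 are constructed.
SAMPLE_REFUSED='CONNECTED(00000003)
82841:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s2_pkt.c:428:'
SAMPLE_ACCEPTED='CONNECTED(00000003)
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5'
SAMPLE_NO_CLIENT_SUPPORT='unknown option -ssl2'

# Usage: sh check_sslv2.sh YOUR-DOMAIN-NAME-GOES-HERE [PORT]
if [ "$#" -gt 0 ]; then
    check_sslv2 "$@"
fi
```

An INCONCLUSIVE verdict should be treated as "not verified" rather than as a pass; rerun the check from a machine whose OpenSSL build still accepts `-ssl2`.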
```
; This causes the X-Powered-By: PHP header to not show up in outgoing HTTP headers
expose_php = Off
; Don't show errors to the end-user
display_errors = Off
```