Disable SSLv2 in Webmin

I’ve been battling with Webmin trying to get SSLv2 turned off so I can comply with Hackersafe/McAfee Secure.

I managed to do it this morning, this is how I did it:

– Upgrade to version 1.430
– Webmin -> Webmin Configuration -> SSL Encryption
– Enter HIGH:-SSLv2:-aNULL into the Allowed SSL Ciphers field (new as of 1.430)
– Restart Webmin

You can check that SSLv2 is disabled by running this from the shell/command line:
openssl s_client -connect localhost:10000 -ssl2

If you get lines like these, SSLv2 is disabled:
419:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
420:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450:

1 thought on “Disable SSLv2 in Webmin

  1. Pingback: Web Jetty musings » Is the PCI scan on your webmin revealing weak SSL ciphers?

Leave a Reply

Your email address will not be published. Required fields are marked *