Archive

Posts Tagged ‘security’

Disable SSLv2 in Webmin

September 22nd, 2008 No comments

I’ve been battling with Webmin trying to get SSLv2 turned off so I can comply with Hackersafe/McAfee Secure.

I managed to do it this morning, this is how I did it:

– Upgrade to version 1.430
– Webmin -> Webmin Configuration -> SSL Encryption
– Enter HIGH:-SSLv2:-aNULL into the Allowed SSL Ciphers field (new as of 1.430)
– Restart Webmin

You can check that SSLv2 is disabled by running this from the shell/command line:
openssl s_client -connect localhost:10000 -ssl2

If you get lines like these, SSLv2 is disabled:
419:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
420:error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list:s2_clnt.c:450: