AnsweredAssumed Answered

SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability - Remediation Issues

Question asked by jrichards on May 2, 2012

I am trying to remediate the ..SSLv3.0/TSLv1.0 Protocol Weak CBC Mode Vulnerability with the recommended solution and it is not working.  I am trying remediate an Apache 2.0.58 web server.  Below is the settings for the ssl.conf file:

 

<VirtualHost _default_:9002>

#   General setup for the virtual host
DocumentRoot "/home/oracle/apache2_dev2/WebComponents"
ServerName ucdbwd01.am.sony.com:9002
#ServerAdmin you@example.com
ErrorLog /home/oracle/apache2_dev2/logs/error_log
TransferLog /home/oracle/apache2_dev2/logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
Loglevel debug

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.

SLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite RC4-SHA:HIGH:!ADH

 

I am unable to use the 'SSLHonorCipherOrder' field because Apache 2.0.58 does not recognize the field setting.  Any recommendations on how to remediate this vulnerability?

 

Thanks in advance,

Jim

Outcomes