Title	RCM 6.7 shows vulnerabilities with Apache 1.3.33

URL Name	a34724-RCM-6-7-shows-vulnerabilities-with-Apache-1-3-33

Summary

Validation Status	Work in Progress

Age	6,218.92

Translate To

Applies To

RSA Registration Manager 6.7
RSA Certificate Manager 6.7
Sun Solaris 2.8
Apache 1.3.33

Issue

RCM 6.7 shows vulnerabilities with Apache 1.3.33
38139 - SSL Server Has SSLv2 Enabled Vulnerability
38140 - SSL Server Supports Weak Encryption Vulnerability

Cause

Resolution

Analysis:  The Default httpd.conf configuration files support SSLv2 with various encryption algorithms. The configuration can be changed as follows (from CC Installation Guide):

1. Open the file WebServer/conf/httpd.conf in a text editor

2. To restrict ciphersuite and Secure Transport Protocol in the httpd.conf file, alter all three occurrences of the SSLCipherSuite configuration option value as follows:

   2.1 Locate the line:
          SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL

        Note: There are three occurrences of the above text: one for each of the Enrollment, Administration, and Renewal Servers.

   2.2 Modify it to:
          SSLCipherSuite DES-CBC3-SHA

   2.3 On a new line under each altered SSLCipherSuite, add the SSLProtocol configuration option and value:
          SSLProtocol +TLSv1

3. Save the httpd.conf file

Workaround

Notes

BZ 53842

Legacy Article ID 000025822

Audience	External

Article Source	Conversion

Original Article Author	vamato

Original Created Date	5/11/2007 8:31 PM

Owner	Admin6 Integration (R3 Propel)

Assigned To

Assigned By

Assignment Note

Assignment Due Date

Publication Status	Published

Article Type	Knowledge

Article Number	000042224

Created By	Admin6 Integration (R3 Propel)

Last Modified By	Admin9 Integration (AWS)

Language	English