000025822 - RCM 6.7 shows vulnerabilities with Apache 1.3.33

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017. Version 2.

Article Content

Article Number: 000025822
Applies To:
RSA Registration Manager 6.7
RSA Certificate Manager 6.7
Sun Solaris 2.8
Apache 1.3.33
Issue: RCM 6.7 shows vulnerabilities with Apache 1.3.33
38139 - SSL Server Has SSLv2 Enabled Vulnerability
38140 - SSL Server Supports Weak Encryption Vulnerability
Resolution
Analysis: The default httpd.conf configuration files enable SSLv2 together with a broad set of encryption algorithms, which is what the two findings above report. The configuration can be changed as follows (from the CC Installation Guide):

1. Open the file WebServer/conf/httpd.conf in a text editor.

2. To restrict the cipher suite and the secure transport protocol in httpd.conf, alter all three occurrences of the SSLCipherSuite configuration option value as follows:

   2.1 Locate the line:
          SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL

        Note: There are three occurrences of the above text: one for each of the Enrollment, Administration, and Renewal Servers.

   2.2 Modify it to:
          SSLCipherSuite DES-CBC3-SHA

   2.3 On a new line under each altered SSLCipherSuite, add the SSLProtocol configuration option and value:
          SSLProtocol +TLSv1

3. Save the httpd.conf file and restart the web server so the new SSLCipherSuite and SSLProtocol values take effect.
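The following Python script is an added example, not part of this article or of the RCM product, that audits an httpd.conf for the three SSLCipherSuite occurrences described above and applies steps 2.2 and 2.3 to each of them. The directive values are the ones quoted in this article; the VirtualHost fragment and server names are constructed for the example.

```python
import re
# Directive values are quoted from the article; the httpd.conf fragment is
# constructed for this example and is not the real RCM WebServer/conf file.
WEAK_SUITE = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL"
HARDENED_SUITE = "DES-CBC3-SHA"
PROTOCOL_LINE = "SSLProtocol +TLSv1"
# Tokens in the default value behind the two findings (SSLv2, low/export/null).
WEAK_TOKENS = ("SSLv2", "+LOW", "+EXP", "+eNULL")

SAMPLE_CONF = "\n".join(
    f"<VirtualHost _default_:{port}>\n    ServerName {name}.example.test\n"
    f"    SSLCipherSuite {WEAK_SUITE}\n</VirtualHost>"
    for name, port in (("enrollment", 443), ("admin", 8443), ("renewal", 9443))
)

def audit(conf):
    """Report each SSLCipherSuite directive: its line number, which weak
    tokens it still carries, and whether SSLProtocol +TLSv1 follows it."""
    lines, findings = conf.splitlines(), []
    for i, line in enumerate(lines):
        m = re.match(r"\s*SSLCipherSuite\s+(\S+)", line)
        if not m:
            continue
        tokens = m.group(1).split(":")
        nxt = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
        findings.append({"line": i + 1,
                         "weak_tokens": [t for t in WEAK_TOKENS if t in tokens],
                         "protocol_pinned": nxt == PROTOCOL_LINE})
    return findings

def harden(conf):
    """Apply steps 2.2 and 2.3 to every occurrence, keeping the indentation
    and not duplicating an SSLProtocol line that is already present."""
    lines, out = conf.splitlines(), []
    for i, line in enumerate(lines):
        m = re.match(r"(\s*)SSLCipherSuite\s+", line)
        if not m:
            out.append(line)
            continue
        out.append(f"{m.group(1)}SSLCipherSuite {HARDENED_SUITE}")
        if i + 1 >= len(lines) or lines[i + 1].strip() != PROTOCOL_LINE:
            out.append(f"{m.group(1)}{PROTOCOL_LINE}")
    return "\n".join(out) + "\n"

def is_hardened(conf):
    # True only when every SSLCipherSuite is clean and pinned to TLSv1.
    f = audit(conf)
    return bool(f) and all(not x["weak_tokens"] and x["protocol_pinned"] for x in f)
```

The check only tests for what this article names; current scanners also flag DES-CBC3-SHA (3DES) and TLS 1.0 themselves, so on a still-supported platform a newer cipher list and protocol version should be chosen.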
Notes: BZ 53842
Legacy Article ID: a34724
