RCM 6.7 shows vulnerabilities with Apache 1.3.33
Originally Published: 2007-05-11
Article Number
Applies To
RSA Certificate Manager 6.7
Sun Solaris 2.8
Apache 1.3.33
Issue
38139 - SSL Server Has SSLv2 Enabled Vulnerability
38140 - SSL Server Supports Weak Encryption Vulnerability
Resolution
1. Open the file WebServer/conf/httpd.conf in a text editor
2. To restrict ciphersuite and Secure Transport Protocol in the httpd.conf file, alter all three occurrences of the SSLCipherSuite configuration option value as follows:
2.1 Locate the line:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL
Note: There are three occurrences of the above text: one for each of the Enrollment, Administration, and Renewal Servers.
2.2 Modify it to:
SSLCipherSuite DES-CBC3-SHA
2.3 On a new line under each altered SSLCipherSuite, add the SSLProtocol configuration option and value:
SSLProtocol +TLSv1
3. Save the httpd.conf file
Notes
Related Articles
SSA-2022-05: SecurID Authentication Manager Security Update for Third-Party Component Vulnerabilities Number of Views How to resolve 'EXP-00000: Export terminated unsuccessfully' error encountered during Oracle Export in Thor Xellerate Number of Views Authentication Manager Log Messages (23001-23091) Number of Views SOFTWARE_TOKEN_NOT_AVAILABLE_IN_SYSTEM_WITH_EXP_CRITERIA error although tokens exist in RSA Authentication Manager 8.x Number of Views Demo certificates expire in RSA Mobile 1.5 Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory
Don't see what you're looking for?
