RCM 6.7 shows vulnerabilities with Apache 1.3.33
Originally Published: 2007-05-11
Article Number
Applies To
RSA Certificate Manager 6.7
Sun Solaris 2.8
Apache 1.3.33
Issue
38139 - SSL Server Has SSLv2 Enabled Vulnerability
38140 - SSL Server Supports Weak Encryption Vulnerability
Resolution
1. Open the file WebServer/conf/httpd.conf in a text editor
2. To restrict ciphersuite and Secure Transport Protocol in the httpd.conf file, alter all three occurrences of the SSLCipherSuite configuration option value as follows:
2.1 Locate the line:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL
Note: There are three occurrences of the above text: one for each of the Enrollment, Administration, and Renewal Servers.
2.2 Modify it to:
SSLCipherSuite DES-CBC3-SHA
2.3 On a new line under each altered SSLCipherSuite, add the SSLProtocol configuration option and value:
SSLProtocol +TLSv1
3. Save the httpd.conf file
Notes
Related Articles
How to resolve 'EXP-00000: Export terminated unsuccessfully' error encountered during Oracle Export in Thor Xellerate Number of Views SSA-2022-05: SecurID Authentication Manager Security Update for Third-Party Component Vulnerabilities Number of Views Authentication Manager Log Messages (23001-23091) Number of Views SOFTWARE_TOKEN_NOT_AVAILABLE_IN_SYSTEM_WITH_EXP_CRITERIA error although tokens exist in RSA Authentication Manager 8.x Number of Views How to set the permissions for /ace/prog/sdshell; error: 'sdshell should be owned by root with ---s--x--x permissions ' Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
