Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: HOW TO DISABLE SSL/TLS RENEGOTIATION?
Operating Systems Linux Red Hat HOW TO DISABLE SSL/TLS RENEGOTIATION? Post 302569285 by manalisharmabe on Sunday 30th of October 2011 04:35:03 PM
Old 10-30-2011
I had already seen that parameter on internet.

I have made required changes like

in /etc/https/conf.d/ssl.conf

i have put

SSLInsecureRenegotiation off

But do I need to restart any service to take this effect?

like service sshd restart?

or service httpd restart?


Please reply!

Thanks!
Last edited by Scott; 10-30-2011 at 06:26 PM..
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Secure ftp using ssl/tls

We have a requirement to setup secure ftp between our AIX v5.3 system and our mainframe. We don't want to use openssh with sftp and scp. Our mainframe uses ftp over ssl/tls so we have to use this on our AIX box. We have openssl on our AIX system but I'm not sure how to setup ssl/tls over ftp on... (4 Replies)
Discussion started by: DANNYC
4 Replies

2. Cybersecurity

TLS/SSL vulnerability explained

Here's a pretty good, and even PHB-compatible, explanation of the current TLS/SSl protocol vulnerability, including samples. (0 Replies)
Discussion started by: pludi
0 Replies

3. UNIX for Dummies Questions & Answers

TLS/SSL Openldap Centos 5.5

hi guys I configured my openldap but now I want to implement SSL-TLS This is my basic slapd.conf configuration include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include ... (2 Replies)
Discussion started by: karlochacon
2 Replies

4. Linux

SSL/TLS uses the public key to encrypt data ?

Hi, I have a doubt..whether the SSL/TLS protocol uses the public key of the web server to encrypt data before sending it. I knew the browser verifies the public key of the web server using the digital certificate (by verifying the signature of the certificate using trusted authority). whether... (2 Replies)
Discussion started by: chaitus.28
2 Replies

5. Red Hat

SSL/TLS renegotiation DoS -how to disable? Is it advisable to disable?

Hi all Expertise, I have following issue to solve, SSL / TLS Renegotiation DoS (low) 222.225.12.13 Ease of Exploitation Moderate Port 443/tcp Family Miscellaneous Following is the problem description:------------------ Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies

6. UNIX for Advanced & Expert Users

ldap over tls -- ssl cert help

Hey Guys, I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies

7. Cybersecurity

How to disable TLS 1.0 support in Solaris

Hey Guys, I have a couple servers that are getting flagged by by our network security team. How do I disable TLS 1.0 protocol within Solaris? The vulnerability is : CVE-2011-3389 TLS-SSL Server Blockwise Chosen-Boundary Browser Weakness (2 Replies)
Discussion started by: s ladd
2 Replies

8. Shell Programming and Scripting

SSH shell script to access FTP over explicit TLS/SSL

Hello, I use the following SSH script to upload *.jpg files via FTP: #!/usr/bin/expect set timeout -1 spawn ftp -v -i expect "" send "\r" expect "Password:" send "\r" expect "ftp>" send "mput *.jpg\r" expect "ftp>" send "quit\r" replaced with actual ftp server/account data. ... (5 Replies)
Discussion started by: mrpi007
5 Replies

9. UNIX for Advanced & Expert Users

SSL/TLS with openldap

Hello to all, I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS. Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies

LEARN ABOUT OSX

httpd

HTTPD(8)							       httpd								  HTTPD(8)

NAME

       httpd - Apache Hypertext Transfer Protocol Server

SYNOPSIS

       httpd [ -d serverroot ] [ -f config ] [ -C directive ] [ -c directive ] [ -D parameter ] [ -e level ] [ -E file ] [ -k start|restart|grace-
       ful|stop|graceful-stop ] [ -R directory ] [ -h ] [ -l ] [ -L ] [ -S ] [ -t ] [ -v ] [ -V ] [ -X ] [ -M ] [ -T ]

       On Windows systems, the following additional arguments are available:

       httpd [ -k install|config|uninstall ] [ -n name ] [ -w ]

SUMMARY

       httpd is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process.	When  used
       like this it will create a pool of child processes or threads to handle requests.

       In  general, httpd should not be invoked directly, but rather should be invoked via apachectl on Unix-based systems or as a service on Win-
       dows NT, 2000 and XP and as a console application on Windows 9x and ME.

OPTIONS

       -d serverroot
	      Set the initial value for the ServerRoot directive to serverroot. This can be overridden by the ServerRoot directive in the configu-
	      ration file. The default is /usr/local/apache2.

       -f config
	      Uses  the directives in the file config on startup. If config does not begin with a /, then it is taken to be a path relative to the
	      ServerRoot. The default is conf/httpd.conf.

       -k start|restart|graceful|stop|graceful-stop
	      Signals httpd to start, restart, or stop. See Stopping Apache httpd for more information.

       -C directive
	      Process the configuration directive before reading config files.

       -c directive
	      Process the configuration directive after reading config files.

       -D parameter
	      Sets a configuration parameter which can be used with <IfDefine> sections in  the  configuration	files  to  conditionally  skip	or
	      process commands at server startup and restart. Also can be used to set certain less-common startup parameters including -DNO_DETACH
	      (prevent the parent from forking) and -DFOREGROUND (prevent the parent from calling setsid() et al).

       -e level
	      Sets the LogLevel to level during server startup. This is useful for temporarily increasing the verbosity of the error  messages	to
	      find problems during startup.

       -E file
	      Send error messages during server startup to file.

       -R directory
	      When the server is compiled using the SHARED_CORE rule, this specifies the directory for the shared object files.

       -h     Output a short summary of available command line options.

       -l     Output  a  list  of  modules  compiled  into the server. This will not list dynamically loaded modules included using the LoadModule
	      directive.

       -L     Output a list of directives together with expected arguments and places where the directive is valid.

       -M     Dump a list of loaded Static and Shared Modules.

       -S     Show the settings as parsed from the config file (currently only shows the virtualhost settings).

       -T (Available in 2.2.17 and later)
	      Skip document root check at startup/restart.

       -t     Run syntax tests for configuration files only. The program immediately exits after these syntax parsing tests with either  a  return
	      code  of 0 (Syntax OK) or return code not equal to 0 (Syntax Error). If -D DUMP_VHOSTS is also set, details of the virtual host con-
	      figuration will be printed. If -D DUMP_MODULES  is set, all loaded modules will be printed.

       -v     Print the version of httpd, and then exit.

       -V     Print the version and build parameters of httpd, and then exit.

       -X     Run httpd in debug mode. Only one worker will be started and the server will not detach from the console.

       The following arguments are available only on the Windows platform:

       -k install|config|uninstall
	      Install Apache httpd as a Windows NT service; change startup options for the Apache httpd service; and uninstall	the  Apache  httpd
	      service.

       -n name
	      The name of the Apache httpd service to signal.

       -w     Keep the console window open on error so that the error message can be read.

Apache HTTP Server						    2012-02-10								  HTTPD(8)
All times are GMT -4. The time now is 03:14 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy