Ssl Version 2 (v2) Protocol Detection

Forum Moderators: phranque

Message Too Old, No Replies

Ssl Version 2 (v2) Protocol Detection

Stealth1

3:41 am on Jun 24, 2010 (gmt 0)

I am trying to bring my site up to PCI compliance so I can use PayPal Website Payments Pro and the Mcafee scan said I have the following 2 issues right now.

1. Ssl Version 2 (v2) Protocol Detection

It appears I need to disable SSL V2 and enable SSL V3 and TLS 1.0.

I tried using the following command in my .htaccess on my main page and didn't see a problem but when I clicked on another section (ie. mysite.com/store) it gave me an error. mysite.com/store has it's own .htaccess file, do I need to put this command in each one?

# enable SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2

2. OpenSSL Multiple Vulnerabilities <= 0.9.8k

Not sure how to fix this or upgrade OpenSSL

jdMorgan

2:44 pm on Jun 24, 2010 (gmt 0)

1) Put any directives you require into all .htaccess files at the top of the various 'branches' of filepath subdirectories on your server, or into the root .htaccess file.

Directives in a .htaccess file only apply to requests that resolve to that .htaccess file's directory, or to any subdirectories below that .htaccess file's directory. Lower-level .htaccess files can override higher-level .htaccess files if needed, unless the higher-level .htaccess file changes the request-path such that the lower-level .htaccess file is no longer invoked.

2) I don't really know... Get e new version and install it, or ask your host to do so.

Jim