{"id":316,"date":"2009-06-30T10:19:40","date_gmt":"2009-06-30T10:19:40","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/index.php\/?p=316"},"modified":"2009-06-30T10:19:40","modified_gmt":"2009-06-30T10:19:40","slug":"disable-sslv2-on-cpanel-and-apache-ports","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/","title":{"rendered":"Disable SSLv2 on cPanel and Apache Ports"},"content":{"rendered":"<p>On this post we are going to show how to quickly patch a common PCI Vulnerability Alert that says something like this:<br \/>\n\u201cThe remote service appears to encrypt traffic using SSL protocol version 2?.<\/p>\n<p>In Apache common ports 80 and 443, you need to modify the SSLCipherSuite directive in the httpd.conf or ssl.conf file.<br \/>\nAn example would be editing the following lines to something like:<\/p>\n<p>   1.<br \/>\n      SSLProtocol -ALL +SSLv3 +TLSv1<br \/>\n   2.<br \/>\n      SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP<\/p>\n<p>After you have done this, if you see you are still getting PCI Compliance vulnerability emails regarding to this issue its probably that cPanel is still allowing SSLv2 on their ports.<\/p>\n<p>To quickly disable SSL version 2 on cPanel ports: 2082, 2083, 2086, 2087, 2095, 2096. You will need to do the following:<\/p>\n<p>    edit \/var\/cpanel\/cpanel.config and change nativessl=1 to nativessl=0<\/p>\n<p>This will make cPanel to use sTunnel.<\/p>\n<p>    edit \/usr\/local\/cpanel\/etc\/stunnel\/default\/stunnel.conf<\/p>\n<p>and add:<\/p>\n<p>   1.<br \/>\n      options = NO_SSLv2<\/p>\n<p>just below the \u201cAuthentication stuff\u201d tab.<\/p>\n<p>After you have done all this you will need to restart cPanel:<\/p>\n<p>   1.<br \/>\n      \/etc\/init.d\/cpanel restart<\/p>\n<p>Done!<\/p>\n<p>How to quickly check this?<\/p>\n<p>SSH to your server and type the following commands<\/p>\n<p>   1.<br \/>\n      root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2096<br \/>\n   2.<br \/>\n      root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2083<br \/>\n   3.<br \/>\n      root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2087<br \/>\n   4.<br \/>\n      root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2086<\/p>\n<p>If everything is fine you should receive something like this,<\/p>\n<p>   1.<br \/>\n      root@cPanel [~]# openssl s_client -ssl2 -connect localhost:2096<br \/>\n   2.<br \/>\n      CONNECTED(00000003)<br \/>\n   3.<br \/>\n      write:errno=104<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On this post we are going to show how to quickly patch a common PCI Vulnerability Alert that says something like this: \u201cThe remote service appears to encrypt traffic using SSL protocol version 2?. In Apache common ports 80 and 443, you need to modify the SSLCipherSuite directive in the httpd.conf or ssl.conf file. An&#8230; <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/\">Read More<i class=\"fa fa-angle-double-right\"><\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-316","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Disable SSLv2 on cPanel and Apache Ports - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Disable SSLv2 on cPanel and Apache Ports - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"On this post we are going to show how to quickly patch a common PCI Vulnerability Alert that says something like this: \u201cThe remote service appears to encrypt traffic using SSL protocol version 2?. In Apache common ports 80 and 443, you need to modify the SSLCipherSuite directive in the httpd.conf or ssl.conf file. An... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2009-06-30T10:19:40+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"Disable SSLv2 on cPanel and Apache Ports\",\"datePublished\":\"2009-06-30T10:19:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/\"},\"wordCount\":253,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"General Info\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/\",\"name\":\"Disable SSLv2 on cPanel and Apache Ports - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2009-06-30T10:19:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/disable-sslv2-on-cpanel-and-apache-ports\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Disable SSLv2 on cPanel and Apache Ports\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Disable SSLv2 on cPanel and Apache Ports - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/","og_locale":"en_US","og_type":"article","og_title":"Disable SSLv2 on cPanel and Apache Ports - Linux Shtuff","og_description":"On this post we are going to show how to quickly patch a common PCI Vulnerability Alert that says something like this: \u201cThe remote service appears to encrypt traffic using SSL protocol version 2?. In Apache common ports 80 and 443, you need to modify the SSLCipherSuite directive in the httpd.conf or ssl.conf file. An... Read More","og_url":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2009-06-30T10:19:40+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Disable SSLv2 on cPanel and Apache Ports","datePublished":"2009-06-30T10:19:40+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/"},"wordCount":253,"commentCount":0,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/","url":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/","name":"Disable SSLv2 on cPanel and Apache Ports - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2009-06-30T10:19:40+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/disable-sslv2-on-cpanel-and-apache-ports\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Disable SSLv2 on cPanel and Apache Ports"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=316"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/316\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}