Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: pschwarz1978
pschwarz1978 Author
User level: Level 1
0 points

How can I disable SSLv2 on OS X 10.8.5 server

After running a Nessus scan we get the following finding:


SSL Version 2 (v2) Protocol Detection

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :


The remote service encrypts traffic using a protocol with known
weaknesses.


Description :


The remote service accepts connections encrypted using SSL 2.0, which
reportedly suffers from several cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit
these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.


See also :


http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.linux4beginners.info/node/disable-sslv2


Solution :


Consult the application's documentation to disable SSL 2.0 and use
SSL 3.0, TLS 1.0, or higher instead.


Risk factor :


Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)



I cannot find where or how to disable SSLv2? Please help.

Mac Pro, OS X Mountain Lion (10.8.5), OD Server

Posted on Apr 2, 2014 2:41 AM

Reply
Question marked as Best reply
User profile for user: Csound1
Csound1
User level: Level 9
59,973 points

Posted on Apr 2, 2014 3:09 AM

You should post in the server forum, that's where the experts are.



https://discussions.apple.com/community/servers_enterprise_software?view=overvie w

View in context
1 reply

How can I disable SSLv2 on OS X 10.8.5 server

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up