How can I disable SSLv2 on OS X 10.8.5 server
After running a Nessus scan we get the following finding:
SSL Version 2 (v2) Protocol Detection
This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
Synopsis :
The remote service encrypts traffic using a protocol with known
weaknesses.
Description :
The remote service accepts connections encrypted using SSL 2.0, which
reportedly suffers from several cryptographic flaws and has been
deprecated for several years. An attacker may be able to exploit
these issues to conduct man-in-the-middle attacks or decrypt
communications between the affected service and clients.
See also :
http://www.schneier.com/paper-ssl.pdf
http://support.microsoft.com/kb/187498
http://www.linux4beginners.info/node/disable-sslv2
Solution :
Consult the application's documentation to disable SSL 2.0 and use
SSL 3.0, TLS 1.0, or higher instead.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
I cannot find where or how to disable SSLv2? Please help.
Mac Pro, OS X Mountain Lion (10.8.5), OD Server