[ILUG] Possible Security Vulnerabilities OpenSSL and Mod_SSL
cmulloy at iol.ie
cmulloy at iol.ie
Thu Sep 29 11:56:33 IST 2005
Hi there I was wondering if anyone can help me.
Can anyone think of any more security configuration issues or vulnerabilities
in the following?
OpenSSL version 0.9.5 and Mod_SSL 2.6.6 running on Redhat
I think there is an issue with the cert and with the handshaking process?
I personally think it could be one of the following issues, but again there
could be more...
or
Issues with Using SSL v2 (Maybe someone has more on this?)
or
The cert has expired
or
The machine name on the cert does not match the host name
or
Could be a self-signed cert, therefore can be faked and not really trusted
or
Could be using a weak cipher, e.g. 40 or 56 bit
I would wlecome any insights or suggestions.
Ciaran
*************************** ADVERTISEMENT ******************************
Get BT Broadband from only EUR15 per month! Enjoy always-on internet
for less! Check it out at http://www.btireland.ie
More information about the ILUG
mailing list