Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2017-11-08, 00:17:50

Author Topic: This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mi  (Read 1954 times)

0 Members and 1 Guest are viewing this topic.

Offline ar1246

  • Senior Member
  • *
  • Posts: 234
  • Karma: +0/-0
  • Gender: Male
    • View Profile
    • Web Hosting | Web Design Murah
Pak, menindak lanjuti pemasangan ssl pada webmail, saya coba isntall ssl di web utamanya pake ssl trial comodo.
ternyata sama koneksi reset lg.
saya switch webserver yg tadinya hiawatha proxy ke apache, nah ternyata jadi bisa di akses pak.
tapi pas di cek di ssllabs katanya "This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C"
ini knapa y pak?

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Apa anda sudah pakai Kloxo-MR 7?. Ini karena di Kloxo-MR, SSL3 sudah di-disable.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline ar1246

  • Senior Member
  • *
  • Posts: 234
  • Karma: +0/-0
  • Gender: Male
    • View Profile
    • Web Hosting | Web Design Murah
pake 7 pak
Code: [Select]
A. Kloxo-MR: 7.0.0.b-2015012701
B. OS: CentOS release 6.6 (Final) i686
C. Apps:
   1. MySQL: mysql55-5.5.41-2.ius.el6.i686
   2. PHP: php53u-5.3.29-1.ius.el6.i686
   3. Httpd: httpd-2.2.29-1.mr.el6.i386
   4. Lighttpd: --uninstalled--
   5. Hiawatha: hiawatha-9.11.0-f.2.mr.el6.i386
   6. Nginx: --uninstalled--
   7. Cache: --uninstalled--
   8. Dns: nsd-4.1.0-3.mr.el6.i386
   9. Qmail: qmail-toaster-1.03-1.3.46.mr.el6.i386
      - with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.i386
D. Php-type (for Httpd/proxy): php-fpm_event
E. Memory:
                total       used       free     shared    buffers     cached
   Mem:          1893       1426        466         78        229        725
   -/+ buffers/cache:        471       1421
   Swap:          255          0        255

tapi gk akan ada efek sampingnya pak?

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Kalau pakai hiawatha-proxy atau nginx-proxy bagaimana hasilnya?.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline GentZu

  • Senior Member
  • *
  • Posts: 323
  • Karma: +0/-0
  • Gender: Male
  • yare yare...
    • View Profile
hiawatha-proxy atau hiawatha only gk bisa pakek ssl, ini bugs lama yg gk pernah di fix sampai kloxomr ....
coba pakek nginx-poxy atau nginx only...

Online MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,381
  • Karma: +112/-9
  • Gender: Male
    • View Profile
    • MRatWork Forum
Secara umum ada 3 file certificate, yaitu:

1. .crt --> file certificate
2. .key --> key / private; bisa digenerate melalui self-assign
3. .ca --> dari vendor SSL; bisa merupakan gabungan beberap .ca (di-chain)

dimana gabungan 1 dan 2 akan menjadi .pem.

Setting di webserver:

1. Hiawatha
SSLcertFile .pem
RequiredCA .ca

2. Apache
SSLCertificateFile .pem
SSLCertificateKeyFile .key
SSLCACertificatefile .ca

3. Nginx
ssl_certificate .pem;
ssl_certificate_key .key;
ssl_trusted_certificate .ca;

Hiawatha tidak memerlukan .key karena .pem adalah gabungan .crt dan .key.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline ar1246

  • Senior Member
  • *
  • Posts: 234
  • Karma: +0/-0
  • Gender: Male
    • View Profile
    • Web Hosting | Web Design Murah
hiawatha-proxy atau hiawatha only gk bisa pakek ssl, ini bugs lama yg gk pernah di fix sampai kloxomr ....
coba pakek nginx-poxy atau nginx only...
Pak MR, kang GentZu bener. SSL pake hiawatha / hiawatha proxy gk bisa pak. ini saya pake nginx proxy
Sayang skali padahal sya ngfans hiawatha proxy  ;D

Offline GentZu

  • Senior Member
  • *
  • Posts: 323
  • Karma: +0/-0
  • Gender: Male
  • yare yare...
    • View Profile
Pak MR, kang GentZu bener. SSL pake hiawatha / hiawatha proxy gk bisa pak. ini saya pake nginx proxy
Sayang skali padahal sya ngfans hiawatha proxy  ;D
iya padahal saya juga suka hiawtha, ntah kenapa gk work di kloxomr7 beta, mungkin kalau yg versi final bisa jalan...
dan masih ada 2 lagi bugs yg berhubungan dengan SSL, saya juga sudah kasih report di post2 sebelumnya...

 


Top 4 Global Search Engines:    Google    Bing    Baidu    Yahoo
Click Here

Page created in 0.052 seconds with 18 queries.

web stats analysis
 
Mirror created by MasterkinG32.CoM