- Community Home
- >
- Servers and Operating Systems
- >
- Integrity Servers
- >
- Re: Security Vulnerability: SSL Version 2 and 3 Pr...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-07-2020 08:37 AM
08-07-2020 08:37 AM
Security Vulnerability: SSL Version 2 and 3 Protocol Detection
Our 3rd party vulnerability scanner found SSL v2 and SSL v3 in our HP-UX 11..31 systems and flagged them as medium vulnerability.
How do you diable SSL v2 or SSL v3 in HP-UX? Is there a way to check if they are even used?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-12-2020 03:59 AM
08-12-2020 03:59 AM
Re: Security Vulnerability: SSL Version 2 and 3 Protocol Detection
It would have helped if you had shared CVE ID of the vulnerability. There is a chance that a fix is already there.
Please note, it is required to disable old ssl protocol in individual application, most of the time its a web server.
Also note that SSLv3 protocol has already been disabled in latest HPE SMH product.
However, you can enable or disable SSL protocols by listing all the protocols with ‘+’ to enable and ‘-’ to disable, separated by semicolon.
For example:
smhconfig –H -SSLv2;-SSLv3;+TLSv1;+TLSv1.1;+TLSv1.2
Where, SSLv2 and SSLv3 are disabled and TLSv1, TLSv1.1,TLSv1.2 are enabled.
For more detailed analysis, please open a case with HPE support as it requires verifying installed prodcts and patches in the server.
Regards !
I work for HPE