https://bugzilla.wikimedia.org/show_bug.cgi?id=29014
Daniel Zahn <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #7 from Daniel Zahn <[email protected]> 2012-02-07 09:24:23 UTC --- We do get a CONNECTED when using SSL2, but the handshake fails, while it works with SSL3 and TLS1: openssl s_client -connect secure.wikimedia.org:443 -ssl2 CONNECTED(00000003) 5140:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: openssl s_client -connect secure.wikimedia.org:443 -ssl3 ..SSL handshake has read 1509 bytes and written 319 bytes.. openssl s_client -connect secure.wikimedia.org:443 -tls1 ..SSL handshake has read 1656 bytes and written 293 bytes.. In Apache config SSL2 is disabled and insecure ciphers (!ADH) are disabled as well. # enable only secure ciphers: SSLCipherSuite HIGH:MEDIUM:!ADH # enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 SSLProtocol all -SSLv2 What made you think we are still supporting SSL2? Because you do get a CONNECTED(00000003) first? -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
