1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Disabling SSLv2 on a per-site basis?

Discussion in 'Plesk for Linux - 8.x and Older' started by Hostasaurus@, Feb 5, 2007.

  1. Hostasaurus@

    Hostasaurus@ Guest

    To achieve PCI compliance on a server for a customer website, we're trying to disable the acceptance of SSLv2 for just that customer's site. I've added the following to their vhost_ssl.conf without success:

    SSLProtocol all -SSLv2

    The apache documentation indicates that SSLProtocol is a command that can be used in both global and virtual host levels so the addition to the vhost_ssl.conf should have made this work. I ended up having to add it to the /etc/httpd/conf.d/ssl.conf at the global level to make it work. Do you know why that would have not worked in vhost_ssl.conf? Other statements in the vhost_ssl.conf are working fine so I know it's being included properly.