H
Hostasaurus@
Guest
To achieve PCI compliance on a server for a customer website, we're trying to disable the acceptance of SSLv2 for just that customer's site. I've added the following to their vhost_ssl.conf without success:
SSLProtocol all -SSLv2
The apache documentation indicates that SSLProtocol is a command that can be used in both global and virtual host levels so the addition to the vhost_ssl.conf should have made this work. I ended up having to add it to the /etc/httpd/conf.d/ssl.conf at the global level to make it work. Do you know why that would have not worked in vhost_ssl.conf? Other statements in the vhost_ssl.conf are working fine so I know it's being included properly.
SSLProtocol all -SSLv2
The apache documentation indicates that SSLProtocol is a command that can be used in both global and virtual host levels so the addition to the vhost_ssl.conf should have made this work. I ended up having to add it to the /etc/httpd/conf.d/ssl.conf at the global level to make it work. Do you know why that would have not worked in vhost_ssl.conf? Other statements in the vhost_ssl.conf are working fine so I know it's being included properly.