Hi,
I've noticed that my Apache server seems to accept SSLv2 connections even
though they are supposed to be disabled. From the mod_ssl.conf:

#  SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2

I also tried the following in a global context:
SSLProtocol -all +SSLv3 +TLSv1

Still I can connect using SSLv2. I grepped through the config directories
but these are the only instances of this directive so I'm not sure why the
configuration doesn't apply. Any ideas?

Regards,
 Dennis

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@(protected)
 "  from the digest: users-digest-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)