How can I disable sslv3 on virtual appliance?
In a vulnerability scan of our network I found a few items to address on version 9.2.10535 of the Acronis Backup for VMware virtual appliance.
I got out to the shell and edited /etc/lighttpd/lighttpd.conf and added these two lines under the existing ssl.engine and ssl.pemfile parameters:
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
I was sure to write out the file and then rebooted the virtual appliance. A quick test with OpenSSL still makes a connection
OpenSSL> s_client -connect 10.30.1.19:443 -ssl3
Loading 'screen' into random state - done
verify error:num=18:self signed certificate
Our vulnerability scan also found a lighttpd connect.c denial of service vulnerability and suggests updating lighttpd at http://www.lighttpd.net/.
Without any package manager like yum or apt-get or compilation tools, how would one get a compiled updated lighttpd or even just disable sslv3?