IHS: Disable SSLv2 and Enable SSLv3

Yesterday I finished the PCI second-quarter ASV scan. It turned up a few issues, mainly that SSL encryption on IHS is weak:


1. The two issues reported by the PCI ASV scan:

(1) 38140 - SSL Server Supports Weak Encryption Vulnerability

(2) 38139 - SSL Server Has SSLv2 Enabled Vulnerability


2. The fix is to enable SSLv3 on IHS:

Edit httpd.conf and add the following:

## SSLv3 128 bit Ciphers
SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5
SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA
## FIPS approved SSLV3 and TLSv1 128 bit AES Cipher
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
## FIPS approved SSLV3 and TLSv1 256 bit AES Cipher
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
## Triple DES 168 bit Ciphers
## These can still be used, but only if the client does
## not support any of the ciphers listed above.
SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
## The following block disables SSLv2.
SSLProtocolDisable SSLv2
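
To check a configuration against the two scan findings before the next ASV run, the sketch below audits the SSL directives in httpd.conf text. It is an added example, not part of the original post or of IHS; the names audit_ihs_ssl and WEAK_MARKERS, the name-fragment heuristic for weak ciphers, and the "before" sample are assumptions made for illustration.

```python
# Added example: audits IHS SSL directives in httpd.conf text.
# Assumption: cipher names containing these fragments are null, export-grade
# or 40/56-bit. Extend the tuple (e.g. with "RC4") for a stricter policy.
WEAK_MARKERS = ("NULL", "EXPORT", "_40_", "RC2", "_DES_")

# The directives from this page.
PAGE_CONF = """\
SSLCipherSpec SSL_RSA_WITH_RC4_128_MD5
SSLCipherSpec SSL_RSA_WITH_RC4_128_SHA
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
SSLCipherSpec TLS_RSA_WITH_AES_256_CBC_SHA
SSLCipherSpec SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSLProtocolDisable SSLv2
"""
# Constructed "before" sample, not taken from the page.
BEFORE_CONF = """\
SSLEnable
SSLCipherSpec SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSLCipherSpec SSL_RSA_WITH_DES_CBC_SHA
SSLCipherSpec TLS_RSA_WITH_AES_128_CBC_SHA
"""

def audit_ihs_ssl(conf_text, weak_markers=WEAK_MARKERS):
    """Return (ciphers, findings) for the SSL directives in conf_text."""
    ciphers, disabled = [], set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]  # directives are case-insensitive
        if directive == "sslcipherspec" and args:
            ciphers.append(args[-1])
        elif directive == "sslprotocoldisable":
            disabled.update(a.lower() for a in args)
    findings = []
    if "sslv2" not in disabled:
        findings.append("SSLv2 is not disabled (no 'SSLProtocolDisable SSLv2')")
    if not ciphers:
        findings.append("no SSLCipherSpec set; the server default list applies")
    for name in ciphers:
        if any(marker in name.upper() for marker in weak_markers):
            findings.append(f"weak cipher spec listed: {name}")
    return ciphers, findings

if __name__ == "__main__":
    for label, conf in (("before", BEFORE_CONF), ("page", PAGE_CONF)):
        ciphers, findings = audit_ihs_ssl(conf)
        print(label, len(ciphers), "cipher specs;", findings or "no findings")
```

The check treats the whole file as one scope; when SSL directives differ per virtual host, run it on each VirtualHost block separately.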

