I'm still running openssl 0.9.7a (FC2) on my VPS. Should I wait for latest patch to become available for FC2 or manually upgrade to 0.9.7i. I tried to disable sslv2, but without success. Does anybody know how to do it? Or if somebody who did upgrade can give me specific instruction for FC2. I did it already on my test FC2 server, it looks like it works OK, but it is always good ask for advice.

Dario

To disable SSLv2:
Find the SSLCipherSuite directive in httpd.conf. You will probably see it as a comment which indicates the default cipher suite. If so, make a copy of the line and uncomment the copy. (Remove the # from the start of the line) Then, change:
.....:+sslv2:....
to
.....:!sslv2:....

This will kill sslv2 and prevent it from being added to the suite later.

Reference:
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslciphersuite