Scanning the application gave this result:

Synopsis : The remote service supports the use of anonymous SSL ciphers.
Description : The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a service that encrypts traffic without having to generate and configure SSL certificates, it offers no way to verify the remote host's identity and renders the service vulnerable to a man-in-the-middle attack.
See also : http://www.openssl.org/docs/apps/ciphers.html
Solution: Reconfigure the affected application if possible to avoid use of weak ciphers.
Risk Factor: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

I don't understand what else is needed, since Apache is configured for the highest level, SSLv2 is disabled, and the certificates are in place; here is a piece of the vhost:
...
SSLEngine on
# Disable weak SSL ciphers to prevent security issues (http://www.howtoforge.com/secure_websites_using_openssl_and_...)
SSLCipherSuite HIGH:-SSLv2
SSLCertificateFile /var/www/mysite.com/secure.mysite.com.crt
#propstore.crt
SSLCertificateKeyFile /var/www/mysite.com/mysite.key
SSLCertificateChainFile /var/www/mysite.com/gd_intermediate_bundle.crt
#sf_issuing.crt
...

Server version: Apache/1.3.33 (Debian GNU/Linux)
OpenSSL 0.9.7e 25 Oct 2004

Can someone tell me what else this check wants?

I found this solution:
aNULL
the cipher suites offering no authentication. This is currently the anonymous DH algorithms. These cipher suites are vulnerable to a ``man in the middle'' attack and so their use is normally discouraged.

So, as far as I understand, I need to set:

SSLCipherSuite HIGH:-SSLv2:!aNULL

Can anyone suggest what to use to check a site for this vulnerability?
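An added example (not part of the thread, and not Apache's or OpenSSL's own tooling) that answers both questions above with the Python standard library's ssl module, which wraps the local OpenSSL. expand() evaluates an SSLCipherSuite value the way the server's cipher list would be built, anonymous_suites() lists what is still unauthenticated in it (OpenSSL marks such suites "Au=None" in its description, the aNULL class), and probe_server() offers a server only anonymous suites to confirm the fix after a restart. The function names are mine; the "@SECLEVEL=0" prefix is an assumption that the local OpenSSL is 1.1.0 or newer and exists so the evaluation matches a pre-security-level OpenSSL such as the 0.9.7e in the thread, where nothing filters aNULL out implicitly.

```python
import socket
import ssl


def expand(cipher_string):
    """Return the suites (as get_ciphers() dicts) that an OpenSSL cipher
    string selects, or [] if it selects none (OpenSSL then raises).

    "@SECLEVEL=0" disables the security-level filter that modern OpenSSL
    applies at handshake time (level 1 and above refuses unauthenticated
    suites), so the result reflects the cipher string itself, as it would
    on the thread's OpenSSL 0.9.7, which had no security levels at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("@SECLEVEL=0:" + cipher_string)
    except ssl.SSLError:
        return []
    return ctx.get_ciphers()


def is_anonymous(suite):
    """True for suites offering no authentication: OpenSSL prints
    'Au=None' in their description (the aNULL class, ADH/AECDH)."""
    return "Au=None" in suite["description"]


def anonymous_suites(cipher_string):
    """Names of the unauthenticated suites a cipher string still allows."""
    return [s["name"] for s in expand(cipher_string) if is_anonymous(s)]


def check_cipher_string(cipher_string):
    """Verdict for an SSLCipherSuite value: True if it excludes aNULL."""
    return not anonymous_suites(cipher_string)


def probe_server(host, port=443, timeout=5.0):
    """Offer a server only anonymous suites. Returns the negotiated cipher
    name if the server accepted one (still vulnerable), None if the
    handshake was refused (the outcome the fix should produce)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # an aNULL suite presents no certificate
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.3 has no aNULL suites
    try:
        ctx.set_ciphers("@SECLEVEL=0:aNULL")
    except ssl.SSLError:
        raise RuntimeError("local OpenSSL has no anonymous suites to offer")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError):
        return None


if __name__ == "__main__":
    # The thread's original value versus the proposed fix.
    for value in ("HIGH:-SSLv2", "HIGH:-SSLv2:!aNULL"):
        left = anonymous_suites(value)
        print(f"SSLCipherSuite {value}: anonymous suites allowed: "
              f"{', '.join(left) if left else 'none'}")
```

Running the block prints which ADH/AECDH suites "HIGH:-SSLv2" still admits on the local OpenSSL and that "HIGH:-SSLv2:!aNULL" admits none; probe_server("secure.mysite.com") afterwards should return None once Apache has been restarted with the new value. Note that "-SSLv2" is a protocol keyword, not an authentication one, so it never touched the anonymous suites; only "!aNULL" does.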