Solved

Apache2

Posted on 2014-07-24
5
464 Views
Last Modified: 2014-08-12
When using SSL, where are all the spots I eliminate SSL2 and SSL3 and change it to the TLS 1.2?

Thanks!!
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 125 total points
ID: 40219124
?? What do you want to ask ?

TY/SA
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 125 total points
ID: 40219545
The configurations for SSL connections (including the CIPHERS used) for Apache 2 on Linux systems is usually in the "include" file located at /etc/httpd/conf.d/ssl.conf

This is also where you identify your own CERTIFICATES (for each site -- even each page, potentially), and so forth.

Dan
IT4SOHO
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40223163
For mod_ssl it is these:

SSLProtocol (disable SSL2 ssl3)
SSLCipherSuite (disable null cyphers etc)

"enable TLS 1.2" needs OpenSSL ibrary v1.0.1, or Nss 3.15.1 or gnutls 3.3.5+
Choose newer OS version if sufficient SSL toolkit is not available.
0
 

Author Comment

by:Jack_son_
ID: 40237998
Thanks Gheist,  do you have an example of this I can look at? I just want to make sure I have the correct config.
0
 
LVL 62

Accepted Solution

by:
gheist earned 250 total points
ID: 40238007
Read a respectable guide:
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf

SSLProtocol -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!NULL:!aNULL:!EXPORT:!LOW:!RC4:!3DES


go back to ssllabs.com and run "ssl server test" to see if something is still missing.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question