Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Apache2

Posted on 2014-07-24
5
Medium Priority
?
499 Views
Last Modified: 2014-08-12
When using SSL, where are all the spots I eliminate SSL2 and SSL3 and change it to the TLS 1.2?

Thanks!!
0
Comment
Question by:Jack_son_
5 Comments
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 500 total points
ID: 40219124
?? What do you want to ask ?

TY/SA
0
 
LVL 21

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 500 total points
ID: 40219545
The configurations for SSL connections (including the CIPHERS used) for Apache 2 on Linux systems is usually in the "include" file located at /etc/httpd/conf.d/ssl.conf

This is also where you identify your own CERTIFICATES (for each site -- even each page, potentially), and so forth.

Dan
IT4SOHO
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 1000 total points
ID: 40223163
For mod_ssl it is these:

SSLProtocol (disable SSL2 ssl3)
SSLCipherSuite (disable null cyphers etc)

"enable TLS 1.2" needs OpenSSL ibrary v1.0.1, or Nss 3.15.1 or gnutls 3.3.5+
Choose newer OS version if sufficient SSL toolkit is not available.
0
 

Author Comment

by:Jack_son_
ID: 40237998
Thanks Gheist,  do you have an example of this I can look at? I just want to make sure I have the correct config.
0
 
LVL 62

Accepted Solution

by:
gheist earned 1000 total points
ID: 40238007
Read a respectable guide:
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf

SSLProtocol -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!NULL:!aNULL:!EXPORT:!LOW:!RC4:!3DES


go back to ssllabs.com and run "ssl server test" to see if something is still missing.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question