Solved

Apache2

Posted on 2014-07-24
Last Modified: 2014-08-12
When using SSL, where are all the spots I eliminate SSL2 and SSL3 and change it to the TLS 1.2?

Thanks!!
Question by:Jack_son_
5 Comments
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 125 total points
ID: 40219124
?? What do you want to ask?

TY/SA
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 125 total points
ID: 40219545
The configuration for SSL connections (including the CIPHERS used) for Apache 2 on Linux systems is usually in the "include" file located at /etc/httpd/conf.d/ssl.conf

This is also where you identify your own CERTIFICATES (for each site -- even each page, potentially), and so forth.

Dan
IT4SOHO
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40223163
For mod_ssl it is these:

SSLProtocol (disable SSL2, SSL3)
SSLCipherSuite (disable null ciphers etc.)

"enable TLS 1.2" needs OpenSSL library v1.0.1, or NSS 3.15.1, or GnuTLS 3.3.5+
Choose a newer OS version if a sufficient SSL toolkit is not available.
0
 

Author Comment

by:Jack_son_
ID: 40237998
Thanks Gheist, do you have an example of this I can look at? I just want to make sure I have the correct config.
0
 
LVL 62

Accepted Solution

by:
gheist earned 250 total points
ID: 40238007
Read a respectable guide:
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf

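# Start from "all", then remove SSLv2 and SSLv3
SSLProtocol all -SSLv2 -SSLv3
# Exclude anonymous, NULL, export-grade, low-strength, RC4 and 3DES suites
SSLCipherSuite ALL:!ADH:!NULL:!aNULL:!EXPORT:!LOW:!RC4:!3DES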


Go back to ssllabs.com and run "ssl server test" to see if something is still missing.
0
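
One way to answer "where are all the spots", as an added example that is not from any poster in this thread: find every SSLProtocol line in a configuration text (global and per-VirtualHost) and work out which protocols it leaves enabled. It assumes mod_ssl evaluates the arguments left to right starting from nothing, and takes a worst-case "all" that includes SSLv2 and SSLv3; the sample configuration is constructed.

```python
import re

# Assumption: worst-case meaning of "all" (older mod_ssl builds include SSLv2/SSLv3).
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
WEAK = {"SSLv2", "SSLv3"}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right, starting from nothing."""
    enabled = set()
    for token in args.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        group = ALL if name.lower() == "all" else {p for p in ALL if p.lower() == name.lower()}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)  # a bare name replaces whatever came before
    return enabled


def audit(config_text):
    """Return (line_number, enabled_protocols, verdict) for every SSLProtocol line."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if match:
            enabled = effective_protocols(match.group(1))
            weak = sorted(enabled & WEAK)
            verdict = "weak: " + ",".join(weak) if weak else ("ok" if enabled else "nothing enabled")
            findings.append((number, enabled, verdict))
    return findings


# Constructed sample: a global setting plus two per-VirtualHost overrides.
SAMPLE = """\
SSLProtocol all -SSLv2
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLProtocol TLSv1.2
</VirtualHost>
"""

for row in audit(SAMPLE):
    print(*row)
```

To use it on a real server, pass the text of ssl.conf and of each included VirtualHost file to audit(); a "nothing enabled" verdict marks a line that only subtracts protocols without naming a starting set.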
