Solved

Apache2

Posted on 2014-07-24
5
455 Views
Last Modified: 2014-08-12
When using SSL, where are all the spots I eliminate SSL2 and SSL3 and change it to the TLS 1.2?

Thanks!!
0
Comment
Question by:Jack_son_
5 Comments
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 125 total points
ID: 40219124
?? What do you want to ask ?

TY/SA
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 125 total points
ID: 40219545
The configurations for SSL connections (including the CIPHERS used) for Apache 2 on Linux systems is usually in the "include" file located at /etc/httpd/conf.d/ssl.conf

This is also where you identify your own CERTIFICATES (for each site -- even each page, potentially), and so forth.

Dan
IT4SOHO
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40223163
For mod_ssl it is these:

SSLProtocol (disable SSL2 ssl3)
SSLCipherSuite (disable null cyphers etc)

"enable TLS 1.2" needs OpenSSL ibrary v1.0.1, or Nss 3.15.1 or gnutls 3.3.5+
Choose newer OS version if sufficient SSL toolkit is not available.
0
 

Author Comment

by:Jack_son_
ID: 40237998
Thanks Gheist,  do you have an example of this I can look at? I just want to make sure I have the correct config.
0
 
LVL 61

Accepted Solution

by:
gheist earned 250 total points
ID: 40238007
Read a respectable guide:
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf

SSLProtocol -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!NULL:!aNULL:!EXPORT:!LOW:!RC4:!3DES


go back to ssllabs.com and run "ssl server test" to see if something is still missing.
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VMWARE Vcenter GUI defaults question about networks 10 85
AWS New EC2 Instance and EBS Storage 2 70
Ubuntu vs. Debian 4 94
Secure host to host communication 5 92
In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now