Solved

Apache2

Posted on 2014-07-24
5
451 Views
Last Modified: 2014-08-12
When using SSL, where are all the spots I eliminate SSL2 and SSL3 and change it to the TLS 1.2?

Thanks!!
0
Comment
Question by:Jack_son_
5 Comments
 
LVL 13

Assisted Solution

by:Sandy
Sandy earned 125 total points
ID: 40219124
?? What do you want to ask ?

TY/SA
0
 
LVL 20

Assisted Solution

by:Daniel McAllister
Daniel McAllister earned 125 total points
ID: 40219545
The configurations for SSL connections (including the CIPHERS used) for Apache 2 on Linux systems is usually in the "include" file located at /etc/httpd/conf.d/ssl.conf

This is also where you identify your own CERTIFICATES (for each site -- even each page, potentially), and so forth.

Dan
IT4SOHO
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 250 total points
ID: 40223163
For mod_ssl it is these:

SSLProtocol (disable SSL2 ssl3)
SSLCipherSuite (disable null cyphers etc)

"enable TLS 1.2" needs OpenSSL ibrary v1.0.1, or Nss 3.15.1 or gnutls 3.3.5+
Choose newer OS version if sufficient SSL toolkit is not available.
0
 

Author Comment

by:Jack_son_
ID: 40237998
Thanks Gheist,  do you have an example of this I can look at? I just want to make sure I have the correct config.
0
 
LVL 61

Accepted Solution

by:
gheist earned 250 total points
ID: 40238007
Read a respectable guide:
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf

SSLProtocol -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!NULL:!aNULL:!EXPORT:!LOW:!RC4:!3DES


go back to ssllabs.com and run "ssl server test" to see if something is still missing.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Most ColdFusion developers get confused between the CFSet, Duplicate, and Structcopy methods of copying a Structure, especially which one to use when. This Article will explain the differences in the approaches with examples; therefore, after readin…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
This video discusses moving either the default database or any database to a new volume.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now