forr tan
asked on
Need remove last 2 weak ciphers. Apache on solaris need correct sslciphersuite line
Need to get rid of these last 2 weak ciphers. Apache on solaris
cipher check failure :
TLSv1.1:
TLS_RSA_WITH_AES_256_CBC_S HA
TLS_RSA_WITH_AES_128_CBC_S HA
sslciphersuite line:
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA 384:ECDHE- ECDSA-AES1 28-GCM-SHA 256:ECDHE- ECDSA-AES2 56-SHA384: ECDHE-ECDS A-AES128
-SHA256:ECDHE-ECDSA-AES256 -SHA:ECDHE -ECDSA-AES 128-SHA:EC DHE-RSA-AE S256-GCM-S HA384:ECDH E-RSA-AES1 28-GCM-SHA 256:ECDHE- RSA-AES256 -
SHA384:ECDHE-RSA-AES128-SH A256:ECDHE -RSA-AES25 6-SHA:ECDH E-RSA-AES1 28-SHA:AES 256-SHA:AE S128-SHA:! aNULL:!eNU LL:!EXPORT :!DES:!RC4 :
!3DES:!MD5:!PSK:!CBC
sslprotocol:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.2
cipher check failure :
TLSv1.1:
TLS_RSA_WITH_AES_256_CBC_S
TLS_RSA_WITH_AES_128_CBC_S
sslciphersuite line:
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA
-SHA256:ECDHE-ECDSA-AES256
SHA384:ECDHE-RSA-AES128-SH
!3DES:!MD5:!PSK:!CBC
sslprotocol:
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.2
Rather than following the instructions above and using
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all expands to all the protocols that you have to subtract.
Even TLSv1.2 is already 9 years old and the others are even older. Just use the following and get rid of all the older versions and save some typing:
SSLProtocol TLSv1.2
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all expands to all the protocols that you have to subtract.
Even TLSv1.2 is already 9 years old and the others are even older. Just use the following and get rid of all the older versions and save some typing:
SSLProtocol TLSv1.2
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2.0-in-apache.html
and
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslproxyciphersuite