Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation.
Running "openssl ciphers -v" I get a list of cypher suite of openssl like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD .........
Each lines report relative protocol.
Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:
ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
that has protocol SSLv3?
Disabling SSLv3 protocol, apache will use only TLSv1.2 cypher protocol?
Thanks in advance.
Alessandro.
On Mon, 26 Jan 2015, Alessandro Baggi wrote:
Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation.
Running "openssl ciphers -v" I get a list of cypher suite of openssl like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD .........
Each lines report relative protocol.
Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:
ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
that has protocol SSLv3?
Disabling SSLv3 protocol, apache will use only TLSv1.2 cypher protocol?
Unless you're running a site that strictly controls the clients that access it (e.g., corporate intranet), limiting Apache to TLS 1.2 will probably keep some people away since not all widely used browsers support it yet.
Here's what I do (Apache 2.4)
SSLCipherSuite HIGH:MEDIUM:!IDEA:!aNULL:!eNULL:!MD5:!ADH:!EXP SSLHonorCipherOrder on SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1
I'd love to disable TLSv1 and 1.1, but the accessibility trade-offs are too much for me.
I'm configuring apache with https and I've a question about sslv3 deactivation.
Running "openssl ciphers -v" I get a list of cypher suite of openssl like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD .........
SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCompression off
Then use cipher suite to your liking. Modern, Intermediate, Old, from...
https://wiki.mozilla.org/Security/Server_Side_TLS#Apache
Test via...
On 01/26/2015 06:48 PM, Ken wrote:
I'm configuring apache with https and I've a question about sslv3 deactivation.
Running "openssl ciphers -v" I get a list of cypher suite of openssl like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD .........
SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCompression off
Then use cipher suite to your liking. Modern, Intermediate, Old, from...
https://wiki.mozilla.org/Security/Server_Side_TLS#Apache
Test via...
https://www.ssllabs.com/ssltest/
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Thanks friend for your answer.