UnixServerAdmin

How to Enable Secure SSL Protocol

A man-in-the-middle attacker can force the communication down to a less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages. This is possible because some servers still accept the SSLv2 protocol together with low-strength ciphers. SSLv2 has known flaws, and these flaws were fixed in SSLv3 (and TLSv1). SSLv2 should therefore be disabled, MEDIUM or HIGH encryption ciphers must be used, and SSLv3 should be used instead of SSLv2.

# vim /etc/httpd/conf.d/ssl.conf

Remove or comment out the following lines:

Line No. 93 :-  SSLProtocol all -SSLv2
Line No. 98 :-  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Add the following lines (note that OpenSSL cipher aliases are case-sensitive, so the anonymous-cipher class must be spelled aNULL):

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM

# /etc/init.d/httpd restart

# chkconfig httpd on
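To verify that an edited ssl.conf actually enforces the policy described above before restarting httpd, the following Python script audits the active SSLProtocol and SSLCipherSuite directives. It is an added example, not part of the original post, and it assumes the protocol names mod_ssl knew at the time (SSLv2, SSLv3, TLSv1); later releases also know TLSv1.1, TLSv1.2 and TLSv1.3. It evaluates any SSLProtocol expression with mod_ssl's semantics (a bare name replaces the set, `+` adds, `-` removes, `all` expands to every known protocol), and it matches cipher alias spellings exactly, as OpenSSL's cipher-string parser does, so a mis-cased token such as `!aNull` is reported as not excluding aNULL. The sample configurations embedded at the bottom are constructed from the lines quoted in the post.

```python
"""Audit Apache mod_ssl directives against the policy in the post above:
SSLv2 disabled, LOW/EXPORT cipher classes excluded, anonymous (aNULL) and
unencrypted (eNULL) ciphers excluded.  Added example, not the post's code."""
import re

# Protocol names mod_ssl understood at the time of the post (assumption for
# this example; later releases also know TLSv1.1, TLSv1.2 and TLSv1.3).
KNOWN_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
# Protocols the policy forbids; a site that also retires SSLv3 adds it here.
FORBIDDEN_PROTOCOLS = {"SSLv2"}

# Cipher classes that must be removed with a '!' rule, with the OpenSSL alias
# spellings that satisfy each.  '!ADH' alone is not enough for aNULL because
# aNULL also covers anonymous ECDH.  'ALL' already omits eNULL, but an explicit
# '!eNULL' keeps a later rule such as COMPLEMENTOFALL from re-adding it.
REQUIRED_EXCLUSIONS = {
    "LOW": {"LOW"},
    "EXPORT": {"EXP", "EXPORT"},
    "aNULL": {"aNULL"},
    "eNULL": {"eNULL", "NULL"},
}
WEAK_ALIASES = set().union(*REQUIRED_EXCLUSIONS.values())


def active_directives(conf_text):
    """Return the effective SSLProtocol / SSLCipherSuite values, skipping
    commented-out lines.  When a directive repeats, the later one wins."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in ("SSLProtocol", "SSLCipherSuite"):
            found[parts[0]] = parts[1].strip()
    return found


def enabled_protocols(value):
    """Evaluate an SSLProtocol expression: a bare name replaces the set,
    '+' adds, '-' removes, 'all' expands to every known protocol.  Names
    are matched case-insensitively, as mod_ssl does."""
    canonical = {p.lower(): p for p in KNOWN_PROTOCOLS}
    enabled = set()
    for tok in value.split():
        action, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        if name.lower() == "all":
            names = set(KNOWN_PROTOCOLS)
        elif name.lower() in canonical:
            names = {canonical[name.lower()]}
        else:
            raise ValueError(f"unknown protocol name {name!r}")
        if action == "-":
            enabled -= names
        elif action == "+":
            enabled |= names
        else:
            enabled = names
    return enabled


def audit_cipher_suite(value):
    """Check an OpenSSL cipher string.  Alias spellings are matched exactly,
    so a mis-cased '!aNull' does not count as excluding aNULL."""
    findings = []
    tokens = [t for t in re.split(r"[:, ]+", value) if t]
    # '!X+Y' removes only the intersection of X and Y, not the class X itself.
    excluded = {t[1:] for t in tokens if t.startswith("!") and "+" not in t[1:]}
    for cls, spellings in REQUIRED_EXCLUSIONS.items():
        if not spellings & excluded:
            findings.append(f"{cls} ciphers are not excluded with a '!' rule")
    for t in tokens:
        if not t.startswith(("!", "-", "@")) and t.lstrip("+") in WEAK_ALIASES:
            findings.append(f"rule {t!r} explicitly enables a weak cipher class")
    return findings


def audit(conf_text):
    """Return the list of policy findings for a config (empty means it passes)."""
    directives = active_directives(conf_text)
    findings = []
    if "SSLProtocol" not in directives:
        findings.append("no active SSLProtocol directive; set one explicitly")
    else:
        still_on = enabled_protocols(directives["SSLProtocol"]) & FORBIDDEN_PROTOCOLS
        findings += [f"{p} is still enabled" for p in sorted(still_on)]
    if "SSLCipherSuite" not in directives:
        findings.append("no active SSLCipherSuite directive; set one explicitly")
    else:
        findings += audit_cipher_suite(directives["SSLCipherSuite"])
    return findings


# Constructed samples: the stock lines the post says to comment out, and the
# replacement it recommends (with the anonymous-cipher alias spelled aNULL).
STOCK_CONF = """\
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
"""
HARDENED_CONF = """\
# SSLProtocol all -SSLv2
# SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM
"""

if __name__ == "__main__":
    for label, conf in (("stock", STOCK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit(conf) or ['OK']}")
```

Run it against the real file with `python audit_ssl.py` after replacing the sample text with `open("/etc/httpd/conf.d/ssl.conf").read()`; the stock configuration is reported for `+LOW` and for the missing `!LOW`, `!aNULL` and `!eNULL` rules, while the hardened one returns no findings. Note that the stock `SSLProtocol all -SSLv2` line already leaves SSLv2 off, so the change that matters most in the post is the cipher suite.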

September 20, 2013 | Apache, Security