UnixServerAdmin

Server Administration & Management

How to Enable Secure SSL Protocol

Some servers still accept the SSLv2 protocol with low-strength encryption ciphers. SSLv2 has known flaws: a man-in-the-middle attacker can force the communication down to a less secure level and then attempt to break the weak encryption, and can also truncate encrypted messages. These flaws have been fixed in SSLv3 (or TLSv1). SSLv2 should be disabled and MEDIUM or HIGH encryption ciphers must be used. SSLv3 should be used instead of SSLv2.

# vim /etc/httpd/conf.d/ssl.conf

Remove or comment out the following lines

Line No. 93 :-  SSLProtocol all -SSLv2
Line No. 98 :-  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Add the following lines

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM

# /etc/init.d/httpd restart

# chkconfig httpd on
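
To confirm the edited file really disables SSLv2 and the LOW/EXPORT ciphers before restarting httpd, a check like the one below can be run over ssl.conf. It is an added example, not part of the original post: the function names are hypothetical, it assumes a single SSL context per file, and it models only the SSLv2 and LOW/EXPORT cases discussed above.

```shell
# Added example (helper names are hypothetical). Assumes one SSL context per
# file, so the last uncommented directive is the effective one.

# Print the value of the last uncommented directive $1 in file $2.
last_directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
                   END { print v }' "$2"
}

# Succeed if SSLProtocol value $1 leaves SSLv2 on. mod_ssl reads tokens left
# to right: +x adds, -x removes, a bare x replaces the whole set.
sslv2_enabled() {
    on=1   # assumption: no directive means "all", which included SSLv2 then
    for tok in $1; do
        name=$(printf '%s' "$tok" | tr 'A-Z' 'a-z' | sed 's/^[+-]//')
        case "$tok" in
            -*) case "$name" in all|sslv2) on=0 ;; esac ;;
            +*) case "$name" in all|sslv2) on=1 ;; esac ;;
            *)  case "$name" in all|sslv2) on=1 ;; *) on=0 ;; esac ;;
        esac
    done
    [ "$on" -eq 1 ]
}

# Succeed if cipher string $1 still offers LOW or EXPORT ciphers: a token adds
# them (ALL, LOW, EXP, EXPORT) and no "!" rule removes them. Not modelled: -/+.
weak_ciphers_enabled() {
    s=":$(printf '%s' "$1" | tr ', ' '::'):"
    for pair in LOW/LOW EXP/EXPORT; do
        a=${pair%/*} b=${pair#*/}
        case "$s" in *":!$a:"*|*":!$b:"*) continue ;; esac
        case "$s" in *":ALL:"*|*":$a:"*|*":$b:"*) return 0 ;; esac
    done
    return 1
}

# Report on file $1; exit status 1 if either directive is weak.
audit_ssl_conf() {
    rc=0
    proto=$(last_directive SSLProtocol "$1")
    suite=$(last_directive SSLCipherSuite "$1")
    if sslv2_enabled "$proto"; then echo "FAIL: SSLProtocol allows SSLv2"; rc=1; fi
    if weak_ciphers_enabled "$suite"; then echo "FAIL: SSLCipherSuite allows LOW/EXPORT"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Usage: sh this-script /etc/httpd/conf.d/ssl.conf
if [ -n "${1:-}" ]; then audit_ssl_conf "$1"; fi
```

On the original line 98 the check fails because ALL is present and nothing removes LOW; on the replacement lines it passes.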

Posted September 20, 2013 | Apache, Security
