Monday, April 16, 2012

SSL/TLS strong encryption How-To from Apache



I was browsing the Apache documentation website and liked this How-To tutorial, "SSL/TLS Strong Encryption: How-To". Previously I blogged an entry on How to disable SSLv2 and Weak Ciphers and enable SSLv3 on Linux. This How-To from Apache can be easily adapted to similar settings.

Here are some excerpts from the How-To:


1. Create a real SSLv2-only server?

The following creates an SSL server which speaks only the SSLv2 protocol and its ciphers.
httpd.conf
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP

2. How can I create an SSL server which accepts strong encryption only?

The following enables only the seven strongest ciphers:

In /etc/httpd/conf/httpd.conf:
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM

3. Accept all types of ciphers in general, but require strong ciphers for access to a particular URL.

In /etc/httpd/conf/conf.d/ssl.conf:

# Be liberal in general (all ciphers)

SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# But for the particular directory which requires strong encryption

<Location /strong/area>
# but https://hostname/strong/area/ and below
# requires strong ciphers
SSLCipherSuite HIGH:MEDIUM
</Location>
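
To check what these directives leave enabled, here is an added example (not from the Apache How-To or the original post) that audits `SSLProtocol` and `SSLCipherSuite` lines per `<Location>` scope. The keyword tables are assumptions modelled on OpenSSL 1.0.x-era builds and on `all` meaning SSLv2, SSLv3 and TLSv1 as in Apache 2.2; the function names are hypothetical, and `openssl ciphers -v '<string>'` on the target host gives the authoritative expansion.

```python
import re

# Assumed keyword membership (OpenSSL 1.0.x-era builds); confirm on the real
# host with: openssl ciphers -v '<string>'
WEAK = {"SSLv2", "LOW", "EXP", "eNULL", "ADH", "RC4"}
EXPANDS = {"ALL": WEAK - {"eNULL"}, "HIGH": {"ADH"}, "MEDIUM": {"RC4"}}
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}  # assumed meaning of "all" (Apache 2.2)
OLD_PROTOCOLS = {"SSLv2", "SSLv3"}           # SSLv3 is flagged here as well

def weak_cipher_classes(spec):
    """Weak classes a cipher string leaves enabled (heuristic, not OpenSSL)."""
    enabled, killed = set(), set()
    for tok in filter(None, re.split(r"[:, ]+", spec)):
        if tok[0] == "!":        # permanent delete, cannot be re-added
            killed.add(tok[1:])
        elif tok[0] == "-":      # delete, may be re-added later
            enabled.discard(tok[1:])
        elif tok[0] != "+":      # "+X" only reorders, it enables nothing
            for part in tok.split("+"):   # "RC4+RSA" is a logical AND
                enabled |= EXPANDS.get(part, {part} & WEAK)
    return sorted(enabled - killed)

def weak_protocols(spec):
    # Old protocol versions an SSLProtocol value leaves enabled.
    on = set()
    for tok in spec.split():
        name = tok.lstrip("+-")
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        on = on - names if tok[0] == "-" else on | names
    return sorted(on & OLD_PROTOCOLS)

def audit(conf):
    """Return (scope, directive line, findings) for each risky SSL directive."""
    scope, out = "server", []
    for line in map(str.strip, conf.splitlines()):
        m = re.match(r"<(/?)Location\s*([^>]*)>", line)
        if m:
            scope = "server" if m.group(1) else m.group(2)
        elif line.startswith("SSLCipherSuite "):
            out.append((scope, line, weak_cipher_classes(line.split(None, 1)[1])))
        elif line.startswith("SSLProtocol "):
            out.append((scope, line, weak_protocols(line.split(None, 1)[1])))
    return [f for f in out if f[2]]

# Constructed sample assembled from the directives quoted in the post.
SAMPLE = """SSLProtocol all
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
<Location /strong/area>
SSLCipherSuite HIGH:MEDIUM
</Location>"""
```

Under these assumptions `audit(SAMPLE)` reports the `/strong/area` scope too, because `HIGH:MEDIUM` alone does not exclude anonymous-DH or RC4 suites; appending `!ADH:!RC4` clears the finding.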
