I was browsing the Apache documentation website and liked this How-To tutorial, "SSL/TLS Strong Encryption: How-To". Previously I blogged an entry on How to disable SSLv2 and Weak Ciphers and enable SSLv3 on Linux. This How-To from Apache can be easily adapted to similar settings.
Here are some excerpts from the How-To:
1. How can I create a real SSLv2-only server?
The following creates an SSL server which speaks only the SSLv2 protocol and its ciphers.
httpd.conf
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
2. How can I create an SSL server which accepts strong encryption only?
The following enables only the seven strongest ciphers:
At /etc/httpd/conf/httpd.conf
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
3. Accept all types of ciphers in general, but require strong ciphers for access to a particular URL.
At /etc/httpd/conf/conf.d/ssl.conf
# (liberal in general: all ciphers)
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# But the particular directory below requires strong encryption
<Location /strong/area>
# but https://hostname/strong/area/ and below
# requires strong ciphers
SSLCipherSuite HIGH:MEDIUM
</Location>
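As an added example (not from the Apache How-To or this blog), a small Python audit of the directives excerpted above reports where SSLv2 or weak cipher classes stay enabled, per server or `<Location>` scope. It assumes `all` means SSLv2, SSLv3 and TLSv1 as in older httpd releases, treats the `ALL` cipher alias as admitting LOW, EXP and ADH, and checks keywords only rather than expanding suites through OpenSSL; the function names are illustrative.

```python
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}  # meaning of `all` in older httpd (assumption)
WEAK_CLASSES = {"SSLv2", "LOW", "EXP", "EXPORT", "eNULL", "NULL", "aNULL", "ADH"}
ALL_ADMITS = {"LOW", "EXP", "ADH"}  # modelling assumption for the ALL alias

def enabled_protocols(args):  # SSLProtocol: +x adds, -x removes, bare x replaces
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(ALL_PROTOCOLS) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group
    return enabled

def weak_cipher_classes(spec):  # weak keywords an OpenSSL cipher string leaves enabled
    enabled = set()
    for tok in spec.split(":"):
        if tok[:1] in ("!", "-"):        # removal from the list
            enabled.discard(tok[1:])
        elif tok == "ALL":
            enabled |= ALL_ADMITS
        elif not tok.startswith("+"):    # '+' only reorders, it adds nothing
            enabled |= WEAK_CLASSES & set(tok.split("+"))
    return sorted(enabled)

def audit(conf_text):  # returns (scope, directive, weak items); one directive per line
    findings, scope = [], "server"
    for raw in conf_text.splitlines():
        name, args = (raw.strip().split(None, 1) + ["", ""])[:2]
        name = name.lower()
        if name == "<location":
            scope = args.rstrip(">").strip()
        elif name == "</location>":
            scope = "server"
        elif name == "sslprotocol" and "SSLv2" in enabled_protocols(args):
            findings.append((scope, "SSLProtocol", ["SSLv2"]))
        elif name == "sslciphersuite" and weak_cipher_classes(args):
            findings.append((scope, "SSLCipherSuite", weak_cipher_classes(args)))
    return findings

# Constructed sample: the third excerpt above plus `SSLProtocol all` from the second.
SAMPLE = """SSLProtocol all
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
<Location /strong/area>
SSLCipherSuite HIGH:MEDIUM
</Location>"""
```

On the sample, `audit(SAMPLE)` reports the server-wide `SSLProtocol all` and the liberal cipher string, while the `/strong/area` override produces no finding.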