Article
7455
Resolve Cipher and SSL Threats in Security Scans
The remote service supports the use of weak SSL ciphers.
Modify the /etc/apache2/vhosts.d/vhost-ssl.conf with the following line:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
change to:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:+eNULL" set in
The "!" prevents the export of the ciphers causing problems.
Change +LOW to !LOW to prevent all low strength ciphers
Change +SSLv2 to !SSLv2 to preven all SSL version 2.0 chipers
Change +EXP to !EXP to prevent all export ciphers.
Deprecated SSL Protocol Usage
Add the following to /etc/apache2/vhosts.d/vhost-ssl.conf
"SSLProtocol -All +SSLv3 +TLSv1"
-All removes all SSL Protocols
+SSLv3 adds SSL version 3
+TLSv1 add TLS version 1
Restart apache (rcapache2 restart) and rescan
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
Related Articles
User Comments
- Be the first to comment! To leave a comment you need to Login or Register
- 7455 reads
0