Difference between revisions of "Apache SSL/TLS Security Settings"

Revision as of 11:10, 24 April 2019

Connect to the server via ssh or access the shell via the console.

Type in the following, and then press Enter:

sudo nano /etc/apache2/sites-enabled/default-ssl.conf

Locate the line in the file
```
SSLProtocol ALL -SSLv2
```
Comment out this line by placing a # at the beginning of the line.
Add the following lines below the line that you just commented out:

SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

Type CTRL-X and then press Enter to exit.
Enter Y to save changes.
Do not change the name and press Enter to save the changes.
Type in the following, and then press Enter:
```
sudo nano /etc/apache2/apache2.conf
```
Scroll to the bottom of the file.
Add the following lines:

SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

Type CTRL-X and then press Enter to exit.
Enter Y to save changes.
Do not change the name, and press Enter to save the changes.
Type in the following, and then press Enter:
```
sudo service apache2 restart
```

You can verify the active ciphers by running the following command:

nmap -sV --script ssl-enum-ciphers -p 443 <host>

@@ Line 9: / Line 9: @@
 # Type '''CTRL-X''' and then press Enter to exit.
 # Enter '''Y''' to save changes.
-# Do not change the name and press enter to save the changes.
+# Do not change the name and press Enter to save the changes.
 # Type in the following, and then press Enter: <pre>sudo nano /etc/apache2/apache2.conf</pre>
 # Scroll to the bottom of the file.

Difference between revisions of "Apache SSL/TLS Security Settings"

Revision as of 11:10, 24 April 2019

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

VALT Software

Installation

Troubleshooting

Tools