Apache SSL/TLS Security Settings
Revision as of 09:16, 22 January 2018 by IVSWikiBlue
- Connect to the server via ssh or access the shell via the console.
- Type sudo nano /etc/apache2/sites-enabled/default-ssl.conf
- Locate the line SSLProtocol ALL -SSLv2 in the file.
- Comment out this line by placing a # at the beginning of the line.
- Add the following lines below the line that you just commented out:
  - SSLProtocol ALL -SSLv2 -SSLv3
  - SSLHonorCipherOrder On
  - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
- Press CTRL-X to exit.
- Enter Y to save changes.
- Do not change the name and press enter to save the changes.
- Type sudo nano /etc/apache2/apache2.conf
- Scroll to the bottom of the file.
- Add the following lines:
  - SSLProtocol ALL -SSLv2 -SSLv3
  - SSLHonorCipherOrder On
  - SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
- Press CTRL-X to exit.
- Enter Y to save changes.
- Do not change the name and press enter to save the changes.
- Type sudo service apache2 restart

You can verify the active ciphers by running the following command:
nmap -sV --script ssl-enum-ciphers -p 443 <host>
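
The nmap scan shows what the server negotiates; the files themselves can also be checked for the three directives set in the steps above. The following is an added example, not part of the original wiki page: the function names `active_directive` and `check_ssl_conf` are hypothetical helpers, and the sample file at the end is constructed to show the case where the old SSLProtocol line was not commented out.

```shell
#!/bin/sh
# Added example (not from the original page): audit an Apache config file for
# the directives this page sets. Function names are hypothetical helpers.

# Print active (uncommented) lines whose first word is directive $1 in file $2.
active_directive() {
    awk -v d="$1" 'tolower($1) == tolower(d)' "$2"
}

# Return 0 if file $1 carries the hardened settings, 1 otherwise.
check_ssl_conf() {
    conf=$1; rc=0
    protos=$(active_directive SSLProtocol "$conf")
    # Any active SSLProtocol line lacking -SSLv2 or -SSLv3 is a finding; this
    # catches the old "SSLProtocol ALL -SSLv2" line left uncommented.
    weak=$(printf '%s\n' "$protos" | awk '!/-SSLv2/ || !/-SSLv3/')
    if [ -z "$protos" ] || [ -n "$weak" ]; then
        echo "FAIL: SSLProtocol must disable SSLv2 and SSLv3: ${weak:-not set}"; rc=1
    fi
    order=$(active_directive SSLHonorCipherOrder "$conf" | awk 'tolower($2) == "on"')
    if [ -z "$order" ]; then
        echo "FAIL: SSLHonorCipherOrder On is not set"; rc=1
    fi
    suite=$(active_directive SSLCipherSuite "$conf")
    for excl in '!aNULL' '!MD5' '!DSS'; do
        case $suite in
            *"$excl"*) ;;
            *) echo "FAIL: SSLCipherSuite does not exclude ${excl#!}"; rc=1 ;;
        esac
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# Constructed sample: the old line was left active next to the new one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
SSLProtocol ALL -SSLv2
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
EOF
check_ssl_conf "$demo" || true
rm -f "$demo"
```

To audit the real files, call `check_ssl_conf` on /etc/apache2/sites-enabled/default-ssl.conf and on /etc/apache2/apache2.conf after editing them.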