Apache SSL/TLS Security Settings

From IVS Wiki
Revision as of 08:28, 22 April 2019 by IVSWikiBlue
  1. Connect to the server via ssh or access the shell via the console.
  2. Type sudo nano /etc/apache2/sites-enabled/default-ssl.conf.
  3. Locate the line SSLProtocol ALL -SSLv2 in the file.
  4. Comment out this line by placing a # at the beginning of the line.
  5. Add the following lines below the line that you just commented out:
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
  6. Press CTRL-X to exit.
  7. Enter Y to save changes.
  8. Do not change the name, and press Enter to save the changes.
  9. Type sudo nano /etc/apache2/apache2.conf.
  10. Scroll to the bottom of the file.
  11. Add the following lines:
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
  12. Press CTRL-X to exit.
  13. Enter Y to save changes.
  14. Do not change the name, and press Enter to save the changes.
  15. Type sudo service apache2 restart.

You can verify the active protocols and ciphers by running the following command; with the settings above in effect, the output should contain no SSLv3 section:

nmap -sV --script ssl-enum-ciphers -p 443 <host>
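
A static check to run on each edited file before the restart in step 15, as an added example that is not part of the original wiki page: it reports an old SSLProtocol line left uncommented (step 4 skipped), a missing SSLHonorCipherOrder On, or a cipher list that differs from the one above. The function names are hypothetical, the sample config is constructed, and the check looks for the page's exact form, so a differently written but stricter SSLProtocol line is reported too.

```shell
#!/bin/sh
# Added example (not from the wiki): audit one Apache config file for the
# three directives set in the steps above. Function names are hypothetical.
EXPECTED_SUITE='ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS'

# active_values DIRECTIVE FILE: print the arguments of every uncommented
# occurrence of DIRECTIVE (Apache directive names are case-insensitive).
active_values() {
    awk -v d="$1" 'BEGIN { d = tolower(d) }
        /^[ \t]*#/ { next }
        tolower($1) == d { $1 = ""; sub(/^[ \t]+/, ""); print }' "$2"
}

# audit_tls_conf FILE: print findings; return 0 only if every check passes.
audit_tls_conf() {
    conf=$1
    rc=0
    protos=$(active_values SSLProtocol "$conf")
    # An active line that lacks -SSLv2 or -SSLv3 (for example the old line
    # from step 3 left uncommented) still permits a legacy protocol.
    weak=$(printf '%s\n' "$protos" |
        awk '{ l = tolower($0) } NF && (l !~ /-sslv2/ || l !~ /-sslv3/)')
    if [ -z "$protos" ]; then
        echo "FAIL: no active SSLProtocol line"; rc=1
    elif [ -n "$weak" ]; then
        echo "FAIL: SSLProtocol without -SSLv2 -SSLv3: $weak"; rc=1
    fi
    order=$(active_values SSLHonorCipherOrder "$conf" | tail -n 1)
    case $order in
        [Oo][Nn]) ;;
        *) echo "FAIL: SSLHonorCipherOrder is '${order:-unset}', expected On"; rc=1 ;;
    esac
    suite=$(active_values SSLCipherSuite "$conf" | tail -n 1)
    if [ "$suite" != "$EXPECTED_SUITE" ]; then
        echo "FAIL: SSLCipherSuite differs from the list in the steps above"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed sample: step 4 was skipped, so the old line is still active.
sample=$(mktemp)
printf '%s\n' 'SSLProtocol ALL -SSLv2' 'SSLProtocol ALL -SSLv2 -SSLv3' \
    'SSLHonorCipherOrder On' "SSLCipherSuite $EXPECTED_SUITE" > "$sample"
audit_tls_conf "$sample" || echo "fix the file before restarting apache2"
rm -f "$sample"
```

On the server, call `audit_tls_conf` once for /etc/apache2/sites-enabled/default-ssl.conf and once for /etc/apache2/apache2.conf.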