SSL Cipher setting
Test Environment
- Test OS : CentOS 7.2
- Test Version : IBM HTTPServer v8.5
Cipher setting
Add the following directives to the httpd.conf file.
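# Load the IBM SSL module and listen on the HTTPS port
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    DocumentRoot /app/EAR/SSL
    SSLEnable
    SSLProtocolDisable SSLv2
    SSLProtocolDisable SSLv3
    # Clear every default cipher for all protocols, then add back only the suites listed below
    SSLCipherSpec ALL NONE
    SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    # Note: the 3DES and CBC suites are weaker than the GCM suites above,
    # and the TLS_RSA_* suites provide no forward secrecy
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
</VirtualHost>
# Global scope: key database location; SSL stays disabled outside the virtual host
KeyFile /SW/web/HTTPServer/key/key.kdb
SSLDisable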
Confirm that the settings were applied with the options below.
-t -D DUMP_SSL_CONFIG: show parsed SSL vhost configurations
-t -D DUMP_SSL_CIPHERS: show all known SSL ciphers
To determine which SSL ciphers are enabled on your server, you can set LogLevel debug in your httpd.conf.
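As a complement to the checks above, the following added example (not part of the original post and not IBM tooling) replays the SSLCipherSpec lines from the configuration above in order and lists the enabled suites a reviewer would question. It assumes only the `SSLCipherSpec ALL [NONE] [+name|-name]` form used on this page; the rule list is this example's own review policy.

```python
import re

# Constructed sample: the SSLCipherSpec lines from the configuration above.
SAMPLE_CONF = """\
SSLCipherSpec ALL NONE
SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
"""

# Review rules (this example's own policy, not an IBM list): pattern -> reason.
RULES = [
    (r"_(3DES|DES|RC4|NULL)_|_MD5$", "weak cipher or MAC"),
    (r"^TLS_RSA_", "static RSA key exchange, no forward secrecy"),
    (r"_CBC_", "CBC mode, prefer GCM"),
]

def effective_ciphers(conf_text):
    """Replay 'SSLCipherSpec ALL ...' lines in order; return (ciphers, reset_seen)."""
    ciphers, reset_seen = [], False
    for line in conf_text.splitlines():
        tokens = line.split("#", 1)[0].split()
        if len(tokens) < 3 or tokens[0].lower() != "sslcipherspec" or tokens[1].upper() != "ALL":
            continue
        for tok in tokens[2:]:
            if tok.upper() == "NONE":
                ciphers, reset_seen = [], True   # drops everything enabled so far
            elif tok.startswith("+") and tok[1:] not in ciphers:
                ciphers.append(tok[1:])
            elif tok.startswith("-") and tok[1:] in ciphers:
                ciphers.remove(tok[1:])
    return ciphers, reset_seen

def audit(conf_text):
    """Return {cipher: [reasons]} for every enabled cipher that matches a rule."""
    ciphers, reset_seen = effective_ciphers(conf_text)
    findings = {c: [why for pat, why in RULES if re.search(pat, c)] for c in ciphers}
    findings = {c: r for c, r in findings.items() if r}
    if not reset_seen:
        findings["(defaults)"] = ["no 'SSLCipherSpec ALL NONE'; server defaults also apply"]
    return findings

if __name__ == "__main__":
    for cipher, reasons in audit(SAMPLE_CONF).items():
        print(f"{cipher}: {'; '.join(reasons)}")
```

On the sample, the four GCM suites pass and the five CBC suites are reported, with the 3DES and TLS_RSA_* suites carrying an additional reason each.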