SSL Cipher setting


Test Environment

  • Test OS : CentOS 7.2
  • Test Version : IBM HTTPServer v8.5

Cipher setting

Add the following directives to the httpd.conf file.

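# Load the IBM SSL module and listen on the HTTPS port.
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 443

NameVirtualHost *:443

<VirtualHost *:443>
    DocumentRoot /app/EAR/SSL
    SSLEnable
    # Disable the legacy SSLv2 and SSLv3 protocols.
    SSLProtocolDisable SSLv2
    SSLProtocolDisable SSLv3
    # Clear the default cipher list, then enable only the suites listed below.
    SSLCipherSpec ALL NONE
    SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    # The 3DES suite (64-bit block cipher) and the TLS_RSA_* suites (no forward
    # secrecy) are the weakest entries below; remove them if no client requires them.
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
</VirtualHost>
# Key database holding the server certificate. SSL stays disabled outside the virtual host.
KeyFile /SW/web/HTTPServer/key/key.kdb
SSLDisable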

Verify the applied configuration by passing the following options to apachectl.

-t -D DUMP_SSL_CONFIG: show parsed SSL vhost configurations
-t -D DUMP_SSL_CIPHERS: show all known SSL ciphers

To determine which SSL ciphers are enabled on your server, you can set LogLevel debug in your httpd.conf.
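As an offline complement to the checks above, the following added example (not part of the original post and not IBM code) replays the SSLCipherSpec lines from the virtual host and reports which enabled suites use 3DES, CBC mode, or static RSA key exchange. The function names and the sample text are constructed here, and only the `ALL NONE` and `ALL +NAME/-NAME` forms used on this page are handled.

```python
import re

# Constructed sample: the SSLCipherSpec lines from the virtual host on this page.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLCipherSpec ALL NONE
    SSLCipherSpec ALL +TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    SSLCipherSpec ALL +TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    SSLCipherSpec ALL +TLS_RSA_WITH_AES_256_CBC_SHA +TLS_RSA_WITH_AES_128_CBC_SHA
</VirtualHost>
"""

# Weaknesses that can be read directly from a suite name.
WEAK = [
    (lambda s: "3DES" in s, "3DES: 64-bit block cipher"),
    (lambda s: s.startswith("TLS_RSA_"), "static RSA key exchange: no forward secrecy"),
    (lambda s: "_CBC_" in s, "CBC mode: not an AEAD cipher"),
]

def effective_ciphers(conf_text):
    """Replay SSLCipherSpec lines in file order and return the enabled suites."""
    # Assumption: only the forms on this page ('ALL NONE', 'ALL +NAME/-NAME ...'),
    # inside a single virtual host, are handled.
    enabled = []
    for raw in conf_text.splitlines():
        m = re.match(r"SSLCipherSpec\s+ALL\s+(.+)$", raw.strip(), re.IGNORECASE)
        if not m:
            continue  # other directives and '#' comment lines
        for tok in m.group(1).split():
            name = tok.lstrip("+-")
            if tok.upper() == "NONE":
                enabled.clear()  # reset: start from an empty list
            elif tok.startswith("-"):
                enabled = [s for s in enabled if s != name]
            elif name not in enabled:
                enabled.append(name)
    return enabled

def findings(suites):
    """Return {suite: [weakness notes]} for suites with at least one note."""
    report = {s: [note for test, note in WEAK if test(s)] for s in suites}
    return {s: notes for s, notes in report.items() if notes}

if __name__ == "__main__":
    for suite, notes in findings(effective_ciphers(SAMPLE_CONF)).items():
        print(f"{suite}: {'; '.join(notes)}")
```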
