Re: apache 2.4.10 sslv3 not offering when tls is enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,


First off all Thanks , like already said I tried about everything :-( nevertheless i tried all of them again  ... without success.

I cannot get the server to offer SSLV3  when TLS is enabled (Any TLS ) when I do ssl protocol SSLv3 then sslv3 works but from the moment I add TLS , SSLv3 no longer works


Sven



 

Show details for Mitchell Krog Photography ---10/02/2017 08:26:09---Your SSL config for Apache 2.4.10 should be as follows <VirtualHost *:443>Mitchell Krog Photography ---10/02/2017 08:26:09---Your SSL config for Apache 2.4.10 should be as follows <VirtualHost *:443>
Hide details for Mitchell Krog Photography ---10/02/2017 08:26:09---Your SSL config for Apache 2.4.10 should be as follows <VirtualHost *:443>Mitchell Krog Photography ---10/02/2017 08:26:09---Your SSL config for Apache 2.4.10 should be as follows <VirtualHost *:443>

From: Mitchell Krog Photography <mitchellkrog@xxxxxxxxx>
To: Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx>, users@xxxxxxxxxxxxxxxx
Date: 10/02/2017 08:26
Subject: Re: apache 2.4.10 sslv3 not offering when tls is enabled




Your SSL config for Apache 2.4.10 should be as follows

<VirtualHost *:443>
   ...
   SSLEngine on
   SSLCertificateFile      /path/to/signed_certificate_followed_by_intermediate_certs
   SSLCertificateKeyFile   /path/to/private/key

   # Uncomment the following directive when using client certificate authentication
   #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication


   # HSTS (mod_headers is required) (15768000 seconds = 6 months)
   Header always set Strict-Transport-Security "max-age=15768000"
   ...
</VirtualHost>

# intermediate configuration, tweak to your needs
SSLProtocol             all -SSLv3
SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder     on
SSLCompression          off


# OCSP Stapling, only in httpd 2.3.3 and later
SSLUseStapling          on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache        shmcb:/var/run/ocsp(128000)


Always check with > https://mozilla.github.io/server-side-tls/ssl-config-generator/



From: Christopher Schultz
<chris@xxxxxxxxxxxxxxxxxxxxxx>
Reply: 
users@xxxxxxxxxxxxxxxx <users@xxxxxxxxxxxxxxxx>
Date: 10 February 2017 at 12:15:30 AM
To: 
users@xxxxxxxxxxxxxxxx <users@xxxxxxxxxxxxxxxx>
Subject:  Re: apache 2.4.10 sslv3 not offering when tls is enabled


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux