Turn off SSLv3 and TLS 1.0. Borrowed config:

SSLEngine on
SSLCertificateFile "/etc/httpd/certs/facultyrecruitingqa_northwestern_edu_cert.cer"
SSLCertificateKeyFile "/etc/httpd/certs/key.pem"

# "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration
# Generator as of August 2016. This tool is available at
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
# require OpenSSL 1.1.0, which as of this writing was in pre-release.
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"

Darryl Baker
Sr. System Administrator
Northwestern | Information Technology
www.it.northwestern.edu

From: ANKIT PALRECHA [mailto:ankyt.palrecha@xxxxxxxxx]

Hello Team,

Any idea how we can test if Apache supports TLS 1.1 and TLS 1.2? Is this bundled with OpenSSL? Please share details on TLS and how to test.

Thanks
Ankit Jain
+91-9741336404
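
Added example, not part of the thread or of anyone's posted config: one way to test which TLS versions a server accepts and compare the result with what an SSLProtocol line such as the one above should allow. The meaning of "all" (the `ALL` tuple), the handling of unprefixed names, and the host passed to `probe` are assumptions to adjust for your build.

```python
import socket
import ssl

# Protocol names as used in SSLProtocol; ssl.SSLSocket.version() returns the same strings.
VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}
ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")  # assumed meaning of "all"; build-dependent


def enabled_protocols(directive, all_protocols=ALL):
    """Evaluate an SSLProtocol argument string left to right."""
    enabled = set()
    for token in directive.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):]
        group = set(all_protocols) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group  # assumption: an unprefixed name replaces the set so far
    return enabled


def probe(host, port=443, timeout=5.0):
    """Attempt one handshake per TLS version; return {name: accepted}."""
    observed = {}
    for name, version in VERSIONS.items():
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE  # protocol check only, not a trust check
            ctx.minimum_version = ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    observed[name] = tls.version() == name
        except (ssl.SSLError, OSError, ValueError):
            observed[name] = False  # refused by the server or by the local OpenSSL
    return observed


def disagreements(directive, observed, all_protocols=ALL):
    """Protocols whose live result differs from what the directive allows."""
    expected = enabled_protocols(directive, all_protocols)
    return sorted(n for n, ok in observed.items() if ok != (n in expected))
```

Run `probe` against your own server and pass its result to `disagreements`. A False for TLSv1 or TLSv1.1 can also mean the client's OpenSSL refuses those versions at its default security level, so confirm from a client that still permits them.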