Re: POODLE on CentOS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Modifying apache configuration to the following should take care of it.
The SSLProtocol directive disables SSLv2 and SSLv3 and leaves other on.

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH
EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"



On Thu, Oct 16, 2014 at 7:41 PM, James B. Byrne <byrnejb@xxxxxxxxxxxxx>
wrote:

> According to the centos wiki:
>
> Validating Changes
>
> You can use Qualys SSL Labs to verify that your web server is no longer
> vulnerable to POODLE or TLS_FALLBACK_SCSV once all action is complete. You
> might also want to only use TLSv1.2 for httpd on CentOS-6.5 (or higher) and
> CentOS-7, while using TLSv1 on CentOS-5.
>
>
> However, on my up-to-datestock CentOS-6.5 the httpd version is 2.2.15 and
> attems to use SSLProtocols greater than v1 yield this error:
>
>
> Syntax error on line 101 of /etc/httpd/conf.d/ssl.conf:
> SSLProtocol: Illegal protocol 'TLSv1.1'
>
>
> I presume that the wiki is in error but I would like confirmation of that
> or
> instructions on how to enable TLSv1.1 and 1.2 on CentOS-6.5.
>
> --
> ***          E-Mail is NOT a SECURE channel          ***
> James B. Byrne                mailto:ByrneJB@xxxxxxxxxxxxx
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
Tharun Kumar Allu
==============
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux