httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Theodoro <daniel.theod...@gmail.com>
Subject Re: [users@httpd] Checking SSLCiphersuite?
Date Wed, 04 Dec 2013 16:38:44 GMT
Hi,

Try run this command nmap --script ssl-cert,ssl-enum-ciphers 1.1.1.1 -p 443


On Wed, Dec 4, 2013 at 1:23 PM, LuKreme <kremels@kreme.com> wrote:

> How do I checks what ciphers are available to the https compiled binary,
> and how do I check with of those are active in the configuration?
>
> Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used
> on a server with a self-signed cert (there's no e-commerce or any financial
> data of any sort on the server).
>
> If an existing server wants to switch so that all traffic is encrypted
> using DH if possible (interested in implementing Perfect Forward Secrecy)
> are there any "Gotcha's" lurking in the bushes?
>
> If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH?
>
> To be accessible for most people (including some Windows XP users), what
> else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES?
>
> Which ones do I need to avoid?
>
> --
> It's like looking for the farmer's daughter in a haystack, and finding
> the needle.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


-- 
Daniel Theodoro
Cel: 11 9-9399-3364
http://www.linkedin.com/in/danieltheodoro

• RHCE - Red Hat Certified Engineer
• LPIC-3 - Senior Level Linux Certification
• Novell Certified Linux Administrator - Suse 11
• Novell Data Center Technical Specialist - Suse 11
• OCA - Oracle Enterprise Linux Administrator Certified Associate
expertise :
EX436 - Red Hat Enterprise Clustering and Storage Management,

Mime
View raw message