httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel <dferra...@gmail.com>
Subject Re: [users@httpd] Using the most secure SSL cipher suites
Date Mon, 19 Oct 2015 15:17:14 GMT
or you can follow the recommendations at https://cipherli.st.

I would not recommend depending on an alias such as HIGH, which includes
generally considered unsafe ciphers such as PSK or NULL and it will really
depend on the openssl version you use so could result in a list with
differences from one machine to another.

Try openssl ciphers -v 'HIGH' in one machine, try the same in another with
different openssl version and see the difference.

Try to go for specific ciphers first, the most secure tlsv1.2 ones (ECDHE
nowadays) first and then see if you need you need the strongest security so
stop there, or need compatibility and add others.

The url I provided you with has some useful tips

2015-10-19 9:32 GMT+02:00 Rubén Toribio Aldeguer <rtoribio@riu.com>:

> I susgest to read this, may be you find it usesfull:
> https://wiki.mozilla.org/Security/Server_Side_TLS
>
> B.R.
>
> 2015-10-18 22:42 GMT+02:00 David Mehler <dave.mehler@gmail.com>:
>
>> Hello,
>>
>> I'm configuring a new apache 2.4 system which will have a webmail app
>> running on it. I'm wanting to use only the most current/secure ssl
>> ciphers and ones that offer perfect forward secrecy. I'm using FreeBSD
>> 10.1 and my openssl version is 1.0.1l. In the virtual host
>> configuration that will run the webmail app I have:
>>
>> SSLEngine on
>> SSLCipherSuite HIGH
>>
>> and then of course the path to my certificate and key. Do I need to do
>> anything else?
>>
>> On the subject of SSL certificates does anyone use certificates
>> generated from either cacert.org or smartssl, how well are they
>> supported by browsers and phones?
>>
>> Thanks.
>> Dave.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
> --
>
> *Rubén Toribio Aldeguer*
> Técnico Sistemas DataCenter
> Informática Área Sistemas
> (+34) 971743030
> www.riu.com / www.riuplaza.com
>
>                       [image: Facebook]
> <http://www.facebook.com/Riuhoteles> [image: Twitter]
> <http://twitter.com/#%21/RiuHoteles> [image: Flickr]
> <http://www.flickr.com/photos/riuhotels/collections/> [image: Youtube]
> <http://www.youtube.com/user/RiuHotelsandResorts> [image: Google Plus]
> <https://plus.google.com/102337793674910512804/posts>
>
>
> This e-mail and its attachments, if any, are confidential and may be
> legally privileged. If you have received it in error, you are on notice of
> this status. Please do not copy or use it for any other purpose or disclose
> its contents to any other person: to do so could be a breach of confidence.
> You may contact us at +34 971 74 30 30 or at sender's e-mail address.
> [image: Facebook] *Please, consider the environment before printing this
> email.* <http://www.riu.com/es/sostenibilidad/inicio.jsp>
>



-- 
*Daniel Ferradal*
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Mime
View raw message