Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 64A36200C49 for ; Fri, 17 Mar 2017 15:37:12 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 629A8160B80; Fri, 17 Mar 2017 14:37:12 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 87320160B6D for ; Fri, 17 Mar 2017 15:37:11 +0100 (CET) Received: (qmail 2307 invoked by uid 500); 17 Mar 2017 14:37:10 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 2297 invoked by uid 99); 17 Mar 2017 14:37:09 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 17 Mar 2017 14:37:09 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 0C3BBC0952 for ; Fri, 17 Mar 2017 14:37:09 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.902 X-Spam-Level: * X-Spam-Status: No, score=1.902 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.096, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id r7KiqWCgU1UM for ; Fri, 17 Mar 2017 14:37:07 +0000 (UTC) Received: from mail1.bemta12.messagelabs.com (mail1.bemta12.messagelabs.com [216.82.251.10]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id AD5BC5F613 for ; Fri, 17 Mar 2017 14:37:06 +0000 (UTC) Received: from [216.82.251.34] by server-10.bemta-12.messagelabs.com id E7/E7-23376-294FBC85; Fri, 17 Mar 2017 14:37:06 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprCKsWRWlGSWpSXmKPExsVyhMegRnfil9M RBhc26lrMm/SRyYHRo+VqZABjFGtmXlJ+RQJrxoTJsxgLVphWHF/RzN7AuNigi5GLQ0hgOpPE 1XcL2CCc44wSbzo2M0E4Wxkl2vq2AmU4OdgEAiQ+TFrEDmKLCJhKPPj2GMxmEVCVuHdjMhOIL SygKfHq1yMmiBo9iU23FsLZJ69OBZvDKxAi0ff/EyOIzSggJvH91BqwGmYBcYlbT+aD2RICgh KLZu9hhrDFJP7tesgGUS8qcad9PSNEfZ7Eod+HGCFmCkqcnPmEBaJeROLNyxmsELasxI+9+4F 62YFsYYmHRhMYRWYhWTYLyaBZSAZBxHUkFuz+xAZha0ssW/iaGcY+c+AxE7L4Akb2VYzqxalF ZalFuhZ6SUWZ6RkluYmZObqGhkZ6uanFxYnpqTmJScV6yfm5mxiBscUABDsYvy1xPsQoycGkJ Mr7YsXpCCG+pPyUyozE4oz4otKc1OJDjDIcHEoSvFs+AuUEi1LTUyvSMnOAUQ6TluDgURLhlQ RJ8xYXJOYWZ6ZDpE4xKkqJ8y4FSQiAJDJK8+DaYInlEqOslDAvI9AhQjwFqUW5mSWo8q8YxTk YlYR580Gm8GTmlcBNfwW0mAlo8dsPJ0AWlyQipKQaGC2mMny7li94QabF8I6p3ITcI58TH1od zX8T9Upkhp21dfzNvUk7rzX86bSPVYpRkua/mX33XriAdf7Jkgk7z38qVD9/6/mfE380JCzil 0kqX56/OIA3a9att8JVH7lm2LKU/dnul2nwpT654qpPj9Ps1mj22vVZj574nD2jfUswZOqN+f d0WZVYijMSDbWYi4oTAe7zgqgnAwAA X-Env-Sender: Krishnachaithanya.Chunduru@broadridge.com X-Msg-Ref: server-12.tower-145.messagelabs.com!1489761423!93270156!1 X-Originating-IP: [196.12.48.124] X-StarScan-Received: X-StarScan-Version: 9.2.3; banners=broadridge.com,-,- X-VirusChecked: Checked Received: (qmail 55492 invoked from network); 17 Mar 2017 14:37:05 -0000 Received: from unknown (HELO sendmailsrv01.broadridge.com) (196.12.48.124) by server-12.tower-145.messagelabs.com with EDH-RSA-DES-CBC3-SHA encrypted SMTP; 17 Mar 2017 14:37:05 -0000 Received: from hbppslin02.bsg.ad.adp.com ([10.158.11.158]) by sendmailsrv01.broadridge.com (8.13.7+Sun/8.13.7) with ESMTP id v2HEZUeD013173 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Fri, 17 Mar 2017 20:05:35 +0530 (IST) Received: from DLIPBWEXCHA01.bsg.ad.adp.com (dlipbwexcha01.bsg.ad.adp.com [10.158.142.39]) by hbppslin02.bsg.ad.adp.com (RSA Interceptor) for ; Fri, 17 Mar 2017 20:06:38 +0530 Received: from DLCPCWEXMAA1.bsg.ad.adp.com ([fe80::e574:438:6d2e:6c19]) by DLIPBWEXCHA01.bsg.ad.adp.com ([fe80::48ed:680d:1038:296b%12]) with mapi; Fri, 17 Mar 2017 20:06:37 +0530 From: "Chunduru, Krishnachaithanya" To: "users@httpd.apache.org" Date: Fri, 17 Mar 2017 20:06:35 +0530 Thread-Topic: Enabling Forward secrecy on SSL Thread-Index: AdKfKtcA0PlLuo8mQIy1Xs9MfRjvhQ== Message-ID: <7892579A75B02D4E9DE6E4B8C0D610FB05C88E7C76@DLCPCWEXMAA1.bsg.ad.adp.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary="_000_7892579A75B02D4E9DE6E4B8C0D610FB05C88E7C76DLCPCWEXMAA1b_" MIME-Version: 1.0 X-RSA-Inspected: yes X-RSA-Classifications: public X-RSA-Action: allow Subject: [users@httpd] Enabling Forward secrecy on SSL archived-at: Fri, 17 Mar 2017 14:37:12 -0000 --_000_7892579A75B02D4E9DE6E4B8C0D610FB05C88E7C76DLCPCWEXMAA1b_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Hi All, Can someone advise me on how to achieve the below on a server running with= Apache SSL enabled. * SSL - Supports Weak Encryption The following protocols should b= e switched on - TLS 1.2, TLS 1.1, TLS 1.0. SSL 3 and SSL 2 should be disab= led. * Weak Configuration - SSL/TLS - Deprecated Protocol: Disable the = use of SSL 2.0 and 3.0 as well as TLS 1.0. Use TLS 1.1, 1.2, or later and = set the latest protocol as preferred. * The Server Does Not Support Forward Secrecy : Regards, Krishna This message and any attachments are intended only for the use of the addr= essee and may contain information that is privileged and confidential. If = the reader of the message is not the intended recipient or an authorized r= epresentative of the intended recipient, you are hereby notified that any = dissemination of this communication is strictly prohibited. If you have re= ceived this communication in error, please notify us immediately by e-mail= and delete the message and any attachments from your system. --_000_7892579A75B02D4E9DE6E4B8C0D610FB05C88E7C76DLCPCWEXMAA1b_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi All,

 

Can= someone advise me on how to achieve the below on a server running with Ap= ache SSL enabled.

 

=

·=          SSL - Supports Weak Encryption  The following protocols should = be switched on - TLS 1.2, TLS 1.1, TLS 1.0. SSL 3 and SSL 2 should be disa= bled.

·         Weak Configuration - SSL/TLS - Deprecated Protoc= ol: Disable the use of SSL 2.0 and 3.0 as well as TLS 1.0. Use TLS 1.1, 1.= 2, or later and set the latest protocol as preferred.

· = ;        The Server Does Not Support Forward Secrecy :

Regards,

Krish= na

 


This message and any attachments are intended only for the use of the addr= essee and may contain information that is privileged and confidential. If = the reader of the message is not the intended recipient or an authorized r= epresentative of the intended recipient, you are hereby notified that any = dissemination of this communication is strictly prohibited. If you have re= ceived this communication in error, please notify us immediately by e-mail= and delete the message and any attachments from your system.
--_000_7892579A75B02D4E9DE6E4B8C0D610FB05C88E7C76DLCPCWEXMAA1b_--