httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darryl Philip Baker <darryl.ba...@northwestern.edu>
Subject RE: [users@httpd] TLS1.2
Date Tue, 16 May 2017 20:50:51 GMT
Turn off SSLv3 and TLS 1.0.
Borrowed config:
        SSLEngine on
        SSLCertificateFile "/etc/httpd/certs/facultyrecruitingqa_northwestern_edu_cert.cer"
        SSLCertificateKeyFile "/etc/httpd/certs/key.pem"
        # "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration
        # Generator as of August 2016. This tool is available at
        # https://mozilla.github.io/server-side-tls/ssl-config-generator/
        SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
        # Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
        # require OpenSSL 1.1.0, which as of this writing was in pre-release.
        SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
        SSLHonorCipherOrder on
        SSLCompression      off
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"


Darryl Baker
Sr. System Administrator
Northwestern | Information Technology
www.it.northwestern.edu

From: ANKIT PALRECHA [mailto:ankyt.palrecha@gmail.com]
Sent: May 16, 2017 2:05 PM
To: users@httpd.apache.org
Subject: [users@httpd] TLS1.2

Hello Team,

Any idea how can we test if apache supports TLS1.1 and TLS1.2?


This is bundled with openssl?


Please share detail on tls , how to test?

Thanks
Ankit Jain
+91-9741336404
Mime
View raw message