> I’m not up-to-date on proper configurations.

Just as a reference: with the ciphers and Protocol from NaviServer's nsssl [1]
one can get an A+ rating from SSL Labs [2]. One should also get decent
ratings with these configuration values from AOLserver.

-g

[1] https://bitbucket.org/naviserver/nsssl/
[2] https://www.ssllabs.com/ssltest/analyze.html?d=next-scripting.org

On 23.06.15 at 18:11, Scott Goodwin wrote:
By the way, ignore my CipherSuite line in there — you obviously don’t want SSLv2, +LOW, +MEDIUM and other components - you’ll likely just want the TLS v1.2 ciphers, which are listed here:

https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites

Not sure what the CipherSuite string should look like to support that, but if I have time this week I’ll see if I can figure it out. Be aware that restricting to just TLS 1.2 may cause some older browsers to not work with your site, but I haven’t done hands-on work in this area in years, so

/s.


On Jun 23, 2015, at 12:00 PM, Scott Goodwin <sc...@scottg.net> wrote:

An AOLserver configuration file from an old server I used to run has this section defined:

ns_param Protocol            "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite         "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"

From the OpenSSL documentation:

Only enable TLSv1.2:

SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");


So I’d assume the following would restrict AOLserver to ONLY use TLS 1.2:

ns_param Protocol            "-ALL,TLSv1.2"
ns_param CipherSuite         "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"


/s.


On Jun 23, 2015, at 10:36 AM, Paula Giangeruso <pgianger...@wineaccess.com> wrote:

Does anyone have TLS v1.2 working on AOLserver? If so how did you go about doing this?

Thank You,
Paula

--
Paula Giangeruso - Vice President/Engineering
pgianger...@wineaccess.com | www.wineaccess.com
O: (610) 642-1255 | F: (610) 642-1277 | C: (609) 731-8092

wineaccess ®
direct from the source
_______________________________________________
aolserver-talk mailing list
aolserver-talk@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/aolserver-talk
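
Added example, not part of the original thread and not AOLserver or nsssl code: a Python check that asks the local OpenSSL which suites a CipherSuite string really enables on a TLS 1.2-only context, so the old string from the thread can be compared with a tightened one. The STRICT value and the weakness criteria in audit() are assumptions made for illustration.

```python
import ssl

# From the thread: the old AOLserver CipherSuite value Scott says to ignore.
LEGACY = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
# Assumption for illustration only (not from the thread, not nsssl's value):
# forward-secret AEAD suites, all of which are TLS 1.2 suites.
STRICT = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!PSK"


def expand(cipher_string):
    """Suites the local OpenSSL enables for cipher_string on a TLS 1.2-only context."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Same effect as Protocol "-ALL,TLSv1.2": pin both ends of the range.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # OpenSSL configures TLS 1.3 suites separately and always lists them,
    # so drop them here: the cipher string does not control them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Return (suite name, reasons) for every enabled suite with a weakness."""
    findings = []
    for c in expand(cipher_string):
        reasons = []
        if not c["aead"]:
            reasons.append("not AEAD (CBC or stream cipher)")
        if c["strength_bits"] < 128:
            reasons.append("under 128-bit strength")
        if c["auth"] == "auth-null":
            reasons.append("anonymous, no server authentication")
        if c["kea"] not in ("kx-ecdhe", "kx-dhe"):
            reasons.append("no forward secrecy")
        if reasons:
            findings.append((c["name"], reasons))
    return findings


if __name__ == "__main__":
    for label, value in (("legacy", LEGACY), ("strict", STRICT)):
        flagged = audit(value)
        print(f"{label}: {len(expand(value))} suites, {len(flagged)} flagged")
        for name, reasons in flagged[:10]:
            print(f"  {name}: {', '.join(reasons)}")
```

Pinning the protocol to TLS 1.2 does not by itself remove older suites: a TLS 1.2 connection can still negotiate CBC or RSA key-exchange suites that "ALL" enables, which is why the cipher string needs tightening as well.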
