> I’m not up-to-date on proper configurations.
Just as a reference: with the ciphers and Protocol from NaviServer's nsssl [1]
one can get an A+ rating from SSL Labs [2]. One should also get decent
ratings with these configuration values from AOLserver.
-g
[1] https://bitbucket.org/naviserver/nsssl/
[2] https://www.ssllabs.com/ssltest/analyze.html?d=next-scripting.org
On 23.06.15 at 18:11, Scott Goodwin wrote:
By the way, ignore my CipherSuite line in there — you obviously don’t
want SSLv2, +LOW, +MEDIUM and other components - you’ll likely just
want the TLS v1.2 ciphers, which are listed here:
https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites
Not sure what the CipherSuite string should look like to support that,
but if I have time this week I’ll see if I can figure it out. Be aware
that restricting to just TLS 1.2 may cause some older browsers to not
work with your site, but I haven’t done hands-on work in this area in
years, so
/s.
On Jun 23, 2015, at 12:00 PM, Scott Goodwin <sc...@scottg.net> wrote:
An AOLserver configuration file from an old server I used to run has
this section defined:
ns_param Protocol "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
From the OpenSSL documentation:
Only enable TLSv1.2:
SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
So I’d assume the following would restrict AOLserver to ONLY use TLS 1.2:
ns_param Protocol "-ALL,TLSv1.2"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
/s.
On Jun 23, 2015, at 10:36 AM, Paula Giangeruso <pgianger...@wineaccess.com> wrote:
Does anyone have TLS v1.2 working on AOLserver? If so how did you
go about doing this?
Thank You,
Paula
--
Paula Giangeruso - Vice President/Engineering
pgianger...@wineaccess.com | www.wineaccess.com
O: (610) 642-1255 | F: (610) 642-1277 | C: (609) 731-8092
wineaccess ®
direct from the source
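
As an added illustration (not part of the thread and not AOLserver or NaviServer code), this Python linter checks the `ns_param Protocol` and `CipherSuite` values quoted above against a simplified model of OpenSSL cipher-string rules. The set of flagged classes, the function names and the `HARDENED` sample are assumptions of this example.

```python
import re

# Classes this example treats as unwanted (assumption): the thread names SSLv2,
# LOW and MEDIUM; EXP and RC4 are added here as "other components".
WEAK = {"SSLv2", "LOW", "MEDIUM", "EXP", "RC4"}
OLD_PROTOCOLS = {"SSLv2", "SSLv3"}
PARAM = re.compile(r'^\s*ns_param\s+(\w+)\s+"([^"]*)"', re.M)

def weak_cipher_classes(cipher_string):
    """Simplified left-to-right model of an OpenSSL cipher string."""
    enabled = set()
    for token in filter(None, re.split(r"[:, ]+", cipher_string)):
        if token[0] in "!-":        # '!' bans a class, '-' removes it
            enabled.discard(token[1:])
        elif token[0] != "+":       # '+X' only reorders, so it adds nothing
            parts = set(token.split("+"))   # 'A+B' selects ciphers in both A and B
            enabled |= WEAK if "ALL" in parts else parts & WEAK
    return sorted(enabled)

def enabled_old_protocols(value):
    """Old protocols left enabled by a comma-separated list; '-ALL' clears it."""
    enabled = set()
    for name in filter(None, (p.strip() for p in value.split(","))):
        if name.startswith("-"):
            enabled = set() if name == "-ALL" else enabled - {name[1:]}
        else:
            enabled |= OLD_PROTOCOLS if name == "ALL" else {name}
    return sorted(enabled & OLD_PROTOCOLS)

def lint(config_text):
    findings = []
    for key, value in PARAM.findall(config_text):
        if key == "Protocol":
            findings += [f"Protocol enables {p}" for p in enabled_old_protocols(value)]
        elif key == "CipherSuite":
            findings += [f"CipherSuite enables {c}" for c in weak_cipher_classes(value)]
    return findings

# First configuration quoted in the thread.
LEGACY = '''ns_param Protocol "SSLv2, SSLv3, TLSv1"
ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"'''
# Second configuration from the thread: protocol restricted, cipher string unchanged.
TLS12_ONLY = LEGACY.replace('"SSLv2, SSLv3, TLSv1"', '"-ALL,TLSv1.2"')
# Constructed sample, not taken from the thread or from nsssl.
HARDENED = 'ns_param Protocol "-ALL,TLSv1.2"\nns_param CipherSuite "HIGH:!aNULL:!MD5:!RC4"'

if __name__ == "__main__":
    for name, cfg in [("legacy", LEGACY), ("tls1.2 only", TLS12_ONLY), ("hardened", HARDENED)]:
        print(name, lint(cfg) or "no findings")
```

In the legacy string the weak classes come in through `ALL`; the `+LOW`, `+MEDIUM`, `+SSLv2` and `+EXP` tokens only move matching ciphers to the end of the preference list.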
_______________________________________________
aolserver-talk mailing list
aolserver-talk@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/aolserver-talk