Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-29 Thread Walter H.
On 26.04.2017 08:58, Nicolas Kovacs wrote: Hi, I'm currently experimenting with a public server running CentOS 7. I have half a dozen production servers all running Slackware Linux, and I intend to progressively migrate them to CentOS, for a host of reasons (support cycle, package availability,

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread Nicolas Kovacs
Le 26/04/2017 à 16:16, James Hogarth a écrit : > I'm not 100% on any differences in ciphers available, but I don't > think there should be much difference between EL7 and Fedora. > > This config gets my an A+ rating on the sslabs test: > > SSLEngine on > SSLProtocol all -SSLv2 -SSLv3 >

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread Leon Fauster
> Am 26.04.2017 um 17:17 schrieb Fabian Arrotin : > > On 26/04/17 16:16, James Hogarth wrote: >> On 26 April 2017 at 13:16, Steven Tardy wrote: >>> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs wrote: The site is rated

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread Fabian Arrotin
On 26/04/17 16:16, James Hogarth wrote: > On 26 April 2017 at 13:16, Steven Tardy wrote: >> >>> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs wrote: >>> >>> The site is rated "C" >> >> The RHEL/CentOS out-of-the-box apache tls is a little old but

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread James Hogarth
On 26 April 2017 at 13:16, Steven Tardy wrote: > >> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs wrote: >> >> The site is rated "C" > > The RHEL/CentOS out-of-the-box apache tls is a little old but operational. > This Mozilla resource is excellent for

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread Steven Tardy
> On Apr 26, 2017, at 2:58 AM, Nicolas Kovacs wrote: > > The site is rated "C" The RHEL/CentOS out-of-the-box apache tls is a little old but operational. This Mozilla resource is excellent for getting apache tls config up-to-date.

Re: [CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread Tru Huynh
Hi, On Wed, Apr 26, 2017 at 08:58:39AM +0200, Nicolas Kovacs wrote: ... > * This server is vulnerable to the POODLE attack. If possible, disable > SSL 3 to mitigate. Grade capped to C." https://wiki.centos.org/Security/POODLE <...> Tru -- Tru Huynh

[CentOS] Apache + SSL: default configuration rated "C" by Qualys Labs

2017-04-26 Thread Nicolas Kovacs
Hi, I'm currently experimenting with a public server running CentOS 7. I have half a dozen production servers all running Slackware Linux, and I intend to progressively migrate them to CentOS, for a host of reasons (support cycle, package availability, SELinux, etc.) But before doing that, I have