Turn off SSLv3 and TLS 1.0.
Borrowed config:
SSLEngine on
SSLCertificateFile "/etc/httpd/certs/facultyrecruitingqa_northwestern_edu_cert.cer"
SSLCertificateKeyFile "/etc/httpd/certs/key.pem"
# "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration
# Generator as of August 2016. This tool is available at
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
# require OpenSSL 1.1.0, which as of this writing was in pre-release.
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
Darryl Baker
Sr. System Administrator
Northwestern | Information Technology
www.it.northwestern.edu
From: ANKIT PALRECHA [mailto:[email protected]]
Sent: May 16, 2017 2:05 PM
To: [email protected]
Subject: [users@httpd] TLS1.2
Hello Team,
Any idea how we can test if Apache supports TLS 1.1 and TLS 1.2?
Is this bundled with OpenSSL?
Please share details on TLS and how to test.
Thanks
Ankit Jain
+91-9741336404
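
Added example, not part of either message: one way to check the two things discussed in this thread, namely which protocols an SSLProtocol line leaves enabled and whether a server you administer completes a handshake at TLS 1.1 or TLS 1.2. The function names are hypothetical, and the expansion of "all" is an assumption taken from the httpd 2.4 documentation for builds that still include SSLv3.

```python
import socket
import ssl
import sys

# Assumption: what "all" expands to depends on the httpd and OpenSSL build;
# this default follows the httpd 2.4 documentation for builds with SSLv3.
ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}
VERSIONS = {"TLSv1.1": ssl.TLSVersion.TLSv1_1, "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def effective_protocols(directive, all_protocols=ALL):
    """Evaluate the arguments of an SSLProtocol line from left to right."""
    canon = {p.lower(): p for p in all_protocols}
    enabled = set()
    for token in directive.split():
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("", token)
        name = canon.get(name.lower(), name)      # protocol names are case-insensitive
        group = set(all_protocols) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:                                     # a bare name replaces what was set
            enabled = group
    return enabled

def server_accepts(host, version, port=443, timeout=5):
    """Offer exactly one protocol version; True if the handshake completes."""
    # A local OpenSSL that refuses old versions makes this report False.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # protocol probe, not an identity check
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = VERSIONS[version]
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() == version
    except (OSError, ValueError):
        return False

if __name__ == "__main__":
    enabled = effective_protocols("all -SSLv3 -TLSv1 -TLSv1.1")  # line from the message
    print("config enables:", sorted(enabled), "legacy:", sorted(enabled & LEGACY))
    for host in sys.argv[1:]:                     # optional: hosts you administer
        for v in VERSIONS:
            print(host, v, "accepted" if server_accepts(host, v) else "refused")
```

Run with no arguments it only evaluates the directive; pass a hostname to run the live handshake check against that server.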