Apache Disable Outdated SSL/TLS versions

Following configurations will get you high security cipher SSL configurations in Apache by updating the ssl config file.


##To disable TLS 1.0/1.1 and SSL 2.0/3.0
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

## To enable only high degree of protection
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES

## To use server cipher preferences instead of client preferences
SSLHonorCipherOrder on

Comments

Post a Comment

Popular posts from this blog

Weblogic 12c & Apache 2.4 troubleshooting

Error -   libonssys.so: cannot open shared object file : httpd: Syntax error on line 355 of /etc/httpd/conf/httpd.conf: Syntax error on line 1 of /data/apps/apache2/conf.d/vhost.conf: Cannot load /etc/httpd/modules/mod_wl_24.so into server: libonssys.so: cannot open shared object file: No such file or directory Solution: 1) Copy all supported  Download Oracle WebLogic Web Server Plug-Ins 12c from Oracle website : http://www.oracle.com/technetwork/middleware/webtier/downloads/index-jsp-156711.html Extract the downloaded archive and find (correct file according to your architecture) mod_wl_24.so (This is for Apache2.4.x) & libonssys.so & libonsssl.so & libdms2.so copy into /etc/httpd/modules/ folder. 2) Set the  LD_LIBRARY_PATH inside the  /etc/sysconfig/httpd file.  echo $ LD_LIBRARY_PATH first and copy paste the same in httpd file along with  /etc/httpd/modules location. Example in my case: File:  /etc/syscon...
Read more

Enabling WL-Proxy-SSL HTTP header in WebLogic

Scenario : Weblogic server will be always behind the LoadBalancer or Apache layer. Most of the time the SSL's will be either offloaded in LoadBalancer or Apache layer.  To construct applicaitons URL's with the right protocol will be a challenge while using weblogic as application server.  To achieve this scenario we have to enable  WL-Proxy-SSL and WebLogic Plug-In Enabled. Solution: - Update the LoadBalancer configurations/iRules to set the RequestHeader WL-Proxy-SSL to  true . - Follow the below steps to set the WebLogic 'Plugin Enabled' flag to Yes. (Following steps are based on the weblogic version 12.1.2)    - Login into weblogic console    - Click on Lock & Edit button     - Click on the domain name    - Under Configurations tab go to "Web Applications" sub tab    - Select the check box "WebLogic Plugin Enabled" and click "save" button    - Finally click on "Activate C...
Read more