Arhiv za november 19, 2014

whm/cpanel禁用sslv3

登陆WHM » Service Configuration » Apache Configuration » Include Editor » Pre Main Include

 

 

Code:
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+
SSLHonorCipherOrder on

This will work with Apache and also LiteSpeed, if you have this installed on your server.

 

测试http://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm

 

 

Home » Service Configuration » Apache Configuration » Include Editor » Pre Main Include (pre_main_global.conf)

Vnesite:
SSLProtocol ALL -SSLv2 -SSLv3

Save and restart Apache to complete.

Komentarji

SSLv3 再次爆出漏洞

SSLv3 再次爆出漏洞在 Google 的新草案 TLS_FALLBACK_SCSV 还未明朗的情况下目前禁用 SSLv3 是一个 不考虑 IE6 的 workaround

1
2
3
4
5
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHERSAAES256SHA384:AES256SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

 

sslv3测试http://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm

Komentarji