Displaying 20 results from an estimated 40 matches for "sslciphersuite".
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
Hello,
about the CVE-2015-0204, in apache the following config seems to disable
this vulnerability:
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
Is something similar possible with dovecot ?
If yes, what are the implications with old mail clients ?
--
Best regards,
Adrian Minta
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
...ate.
>
> https://wiki.mozilla.org/Security/Server_Side_TLS
I'm not 100% on any differences in ciphers available, but I don't
think there should be much difference between EL7 and Fedora.
This config gets me an A+ rating on the sslabs test:
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4"
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15768000;
includeSubDomains;...
2013 Sep 10
2
dovecot and PFS
Hi
Is there any known advice on how to favor PFS with dovecot?
In Apache, I use the following directives, which cause all modern
browsers to adopt 256 bit PFS ciphers, while keeping backward
compatibility with older browsers and avoiding BEAST attack:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE@STRENGTH:ECDH@STRENGTH:DH@STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10-SHA1:RC4:!MD5:!DES:!aNULL:!eNULL
dovecot does not care about BEAST, since attacker cannot inject
traffic. Therefore the cipher list gets simpler in dovecot.conf:
ssl_cipher_list = ECDHE@STRENGTH:ECDH@STRENGTH:DH@S...
2017 Apr 26
4
Apache + SSL: default configuration rated "C" by Qualys Labs
Hi,
I'm currently experimenting with a public server running CentOS 7. I
have half a dozen production servers all running Slackware Linux, and I
intend to progressively migrate them to CentOS, for a host of reasons
(support cycle, package availability, SELinux, etc.) But before doing
that, I have to figure out a few things that work differently under
CentOS. Apache and SSL behave quite
2016 Feb 29
4
Problems with ProxyPass to a local ip (using SSL)
...68.1.5:444>
ServerName myweb01.local.domain
ErrorLog logs/ssl_error.log
CustomLog logs/ssl_access.log combined
CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel info
SSLEngine on
SSLProxyEngine On
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
SSLCertificateFile /etc/httpd/certs/server.crt
SSLCertificateKeyFile /etc/httpd/certs/server.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://192.168.1.5:5100/
ProxyPassReverse / http://192.168.1.5:5100/
Req...
2012 Feb 06
1
Puppet / Passenger SSL Problems with DRBD
...s/1.8/gems/
passenger-2.2.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11
PassengerRuby /usr/bin/ruby
CustomLog "/var/log/httpd/puppet_access_log" common
ErrorLog "/var/log/httpd/puppet_error_log"
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /drbd01/puppet/var/lib/puppet/ssl/certs/puppetmaster.foo.bar.pem
SSLCertificateKeyFile /drbd01/puppet/var/lib/puppet/ssl/private_keys/puppetmaster.foo.bar.pem
SSLCertificateChainFile /drbd01/puppet/var/lib/puppet/ssl/ca/ca_crt.pem...
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
...ssengerMaxPoolSize 12
PassengerMaxRequests 1000
PassengerPoolIdleTime 600
Listen 8140
<VirtualHost *:8140>
SSLEngine On
# Only allow high security cryptography. Alter if needed for compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/<puppetmaster>.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/<puppetmaster>.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCAC...
2013 May 30
4
Could not request certificate: Error 405 on SERVER
...] [client 192.168.223.131] File does not
exist:
/usr/share/puppet/rack/puppetmasterd/public/production/certificate_request/pclient
Here is some relevant apache config info:
# Only allow high security cryptography. Alter if needed for compatibility.
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.localdomain.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLCACertificateFile...
2008 Oct 07
6
https problems
I'm having a problem but don't know what is causing it so I don't know
exactly where to post, please bear with me.
I'm trying to set up https access however whenever I go to https://url_for_site
the root route renders but the url is rewritten to http://url_for_site.
The ssl request shows in the apache logs but obviously no further ssl
requests show up.
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
...n against this particular Puppet node's
certificate, and expected it to just plain not work any more, and
thereby updating my Puppet master's key store.
Here's that Apache configuration I was talking about:
<VirtualHost 10.1.0.165:443>
SSLEngine On
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLCertificateFile /var/lib/puppet/ssl/certs/puppet01.ops.az.domain.local.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet01.ops.az.domain.local.pem
SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem
SSLVerifyClient req...
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
...dir/localconfig
pluginsync = true
[master]
autosign = true
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
My apache vhost is configured like this:
<VirtualHost 192.168.1.60:8140>
SSLEngine on
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.p...
2010 Aug 20
5
puppet dashboard gui looks odd from apache2
...these settings
PassengerHighPerformance on
PassengerMaxPoolSize 12
PassengerPoolIdleTime 1500
# PassengerMaxRequests 1000
PassengerStatThrottleRate 120
RackAutoDetect Off
RailsAutoDetect Off
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/sys-ubuntu.arl.qwestip.net.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/sys-ubuntu.arl.qwestip.net.pem
SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem...
2016 Feb 29
0
Problems with ProxyPass to a local ip (using SSL)
....domain
> ErrorLog logs/ssl_error.log
> CustomLog logs/ssl_access.log combined
> CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> LogLevel info
> SSLEngine on
> SSLProxyEngine On
> SSLProtocol -ALL +SSLv3 +TLSv1
> SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2
> SSLCertificateFile /etc/httpd/certs/server.crt
> SSLCertificateKeyFile /etc/httpd/certs/server.key
> ProxyRequests Off
> ProxyPreserveHost On
> ProxyPass / http://192.168.1.5:5100/
> ProxyPassReverse /...
2017 Apr 26
0
Apache + SSL: default configuration rated "C" by Qualys Labs
...ity/Server_Side_TLS
>
> I'm not 100% on any differences in ciphers available, but I don't
> think there should be much difference between EL7 and Fedora.
>
> This config gets me an A+ rating on the sslabs test:
>
> SSLEngine on
> SSLProtocol all -SSLv2 -SSLv3
> SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256
> EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES
> !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4"
>
> <IfModule mod_headers.c>
> Header always set Strict-Transport-Security "max-age=157...
2015 Mar 04
0
New FREAK SSL Attack CVE-2015-0204
On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
> Hello,
> about the CVE-2015-0204, in apache the following config seems to disable
> this vulnerability:
> SSLProtocol All -SSLv2 -SSLv3
> SSLCipherSuite
> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>
> Is something similar possible with dovecot ?
I use this with some success:
# dovecot has built-in protection against BEAST, therefore no need
# to remove -SSLv2-SHA1:-TLSv10-SHA1
ssl_protocols = !SSLv2 !SSLv3
ssl_ciphe...
2016 Nov 21
0
samba tls protocols and ciphers change how?
...o you can check with.
https://www.htbridge.com/ssl/
https://ssllabs.com
https://tls.imirhil.fr
https://securityheaders.io/
http://emailsecuritygrader.com/
cli tool, very handy.
https://testssl.sh/
https://cipherli.st/ from this site an improved apache (2.4.17+ ) line there.
SSLCipherSuite "ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DES-CBC3-SHA AES128...
2009 Aug 26
1
ssl certificate, maximum protection, on the budget?
Hello,
I've got a client who wants to go ssl. He's running a web server,
smtp/pop, and ftps and imaps is coming as well. I'm looking for a wildcard
ssl certificate I believe it's called but one on the budget plan. I am also
wanting to ensure that the mod_ssl with httpd on the server is only using
the strongest encryption methods and protocols.
Thanks.
Dave.
2013 Oct 15
0
"Perfect Forward Secrecy" on Redhat/Fedora
...her_list =
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH
______________________________
the same for Apache:
SSLHonorCipherOrder On
SSLCipherSuite
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
2015 Jan 26
3
Apache and SSLv3
Hi list,
I'm configuring apache with https and I've a question about sslv3
deactivation.
Running "openssl ciphers -v" I get a list of openssl cipher suites like:
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
.........
Each line reports the relative protocol.
Disabling sslv3 with "SSLProtocol all -SSLv3" I can use ciphers like:
2012 Jun 14
15
Problem with Load Balancing Puppet masters with Apache mod_proxy
I have a single LB running Apache with mod_proxy in front of a Puppet
master. These are the LB and Puppet master configs:
<Proxy balancer://puppetmaster>
BalancerMember http://192.168.1.10:8140
</Proxy>
Listen 8140
<VirtualHost *:8140>
SSLEngine on
SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
SSLCertificateFile /var/lib/puppet/ssl/certs/puppetlb.example.com.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppetlb.example.co...