search for: sslciphersuite

Displaying 20 results from an estimated 40 matches for "sslciphersuite".

2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
Hello, about the CVE-2015-0204, in apache the following config seems to disable this vulnerability: SSLProtocol All -SSLv2 -SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4 Is something similar possible with dovecot ? If yes, what are the implications with old mail clients ? -- Best regards, Adrian Minta
2017 Apr 26
3
Apache + SSL: default configuration rated "C" by Qualys Labs
...ate. > > https://wiki.mozilla.org/Security/Server_Side_TLS I'm not 100% on any differences in ciphers available, but I don't think there should be much difference between EL7 and Fedora. This config gets my an A+ rating on the sslabs test: SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4" <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains;...
2013 Sep 10
2
dovecot and PFS
Hi Is there known advices on how to favor PFS with dovecot? In Apache, I use the following directives, with cause all modern browsers to adopt 256 bit PFS ciphers, while keeping backward compatibility with older browsers and avoiding BEAST attack: SSLProtocol all -SSLv2 SSLHonorCipherOrder On SSLCipherSuite ECDHE at STRENGTH:ECDH at STRENGTH:DH at STRENGTH:HIGH:-SSLv3-SHA1:-TLSv10 -SHA1:RC4:!MD5:!DES:!aNULL:!eNULL dovecot does not care about BEAST, since attacker cannot inject trafic. Therefore the cipher list get simplier in dovecot.conf: ssl_cipher_list = ECDHE at STRENGTH:ECDH at STRENGTH:DH at S...
2017 Apr 26
4
Apache + SSL: default configuration rated "C" by Qualys Labs
Hi, I'm currently experimenting with a public server running CentOS 7. I have half a dozen production servers all running Slackware Linux, and I intend to progressively migrate them to CentOS, for a host of reasons (support cycle, package availability, SELinux, etc.) But before doing that, I have to figure out a few things that work differently under CentOS. Apache and SSL behave quite
2016 Feb 29
4
Problems with ProxyPass to a local ip (using SSL)
...68.1.5:444> ServerName myweb01.local.domain ErrorLog logs/ssl_error.log CustomLog logs/ssl_access.log combined CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" LogLevel info SSLEngine on SSLProxyEngine On SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2 SSLCertificateFile /etc/httpd/certs/server.crt SSLCertificateKeyFile /etc/httpd/certs/server.key ProxyRequests Off ProxyPreserveHost On ProxyPass / http://192.168.1.5:5100/ ProxyPassReverse / http://192.168.1.5:5100/ Req...
2012 Feb 06
1
Puppet / Passenger SSL Problems with DRBD
...s/1.8/gems/ passenger-2.2.11/ext/apache2/mod_passenger.so PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.11 PassengerRuby /usr/bin/ruby CustomLog "/var/log/httpd/puppet_access_log" common ErrorLog "/var/log/httpd/puppet_error_log" SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /drbd01/puppet/var/lib/puppet/ssl/certs/ puppetmaster.foo.bar.pem SSLCertificateKeyFile /drbd01/puppet/var/lib/puppet/ssl/ private_keys/puppetmaster.foo.bar.pem SSLCertificateChainFile /drbd01/puppet/var/lib/puppet/ssl/ca/ ca_crt.pem...
2013 Jul 23
3
Debugging Puppetmaster with Apache/Rack/Passenger
...ssengerMaxPoolSize 12 PassengerMaxRequests 1000 PassengerPoolIdleTime 600 Listen 8140 <VirtualHost *:8140> SSLEngine On # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/<puppetmaster>.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ <puppetmaster>.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCAC...
2013 May 30
4
Could not request certificate: Error 405 on SERVER
...] [client 192.168.223.131] File does not exist: /usr/share/puppet/rack/puppetmasterd/public/production/certificate_request/pclient Here is some relevant apache config info: # Only allow high security cryptography. Alter if needed for compatibility. SSLProtocol All -SSLv2 SSLCipherSuite HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/pmaster.localdomain.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/pmaster.localdomain.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLCACertificateFile...
2008 Oct 07
6
https problems
I''m having a problem but don''t know what is causing it so I don''t know exactly where to post, please bear with me. I''m trying to set up https access however whenever I go to https://url_for_site the root route renders but the url is rewritten to http://url_for_site. The ssl request shows in the apache logs but obviously no further ssl requests show up.
2010 Dec 22
3
Using Puppet's client certificates for Apache, SSLVerifyClient
...n against this particular Puppet node''s certificate, and expected it to just plain not work any more, and thereby updating my Puppet master''s key store. Here''s that Apache configuration I was talking about: <VirtualHost 10.1.0.165:443> SSLEngine On SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLCertificateFile /var/lib/puppet/ssl/certs/puppet01.ops.az.domain.local.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/puppet01.ops.az.domain.local.pem SSLCACertificateFile /var/lib/puppet/ssl/ca/ca_crt.pem SSLVerifyClient req...
2012 Apr 22
2
centos 6.2 - puppet 2.7.13 - SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert protocol version
...dir/localconfig pluginsync = true [master] autosign = true ssl_client_header = SSL_CLIENT_S_DN ssl_client_verify_header = SSL_CLIENT_VERIFY My apache vhost is configured like this: <VirtualHost 192.168.1.60:8140> SSLEngine on SSLProtocol -all +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/medion.chatillon.betrancourt.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/medion.chatillon.betrancourt.net.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.p...
2010 Aug 20
5
puppet dashboard gui looks odd from apache2
...these settings PassengerHighPerformance on PassengerMaxPoolSize 12 PassengerPoolIdleTime 1500 # PassengerMaxRequests 1000 PassengerStatThrottleRate 120 RackAutoDetect Off RailsAutoDetect Off Listen 8140 <VirtualHost *:8140> SSLEngine on SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/sys-ubuntu.arl.qwestip.net.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/sys-ubuntu.arl.qwestip.net.pem SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem...
2016 Feb 29
0
Problems with ProxyPass to a local ip (using SSL)
....domain > ErrorLog logs/ssl_error.log > CustomLog logs/ssl_access.log combined > CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" > LogLevel info > SSLEngine on > SSLProxyEngine On > SSLProtocol -ALL +SSLv3 +TLSv1 > SSLCipherSuite ALL:!ADH:!EXPORT56:!EXP:!eNULL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2 > SSLCertificateFile /etc/httpd/certs/server.crt > SSLCertificateKeyFile /etc/httpd/certs/server.key > ProxyRequests Off > ProxyPreserveHost On > ProxyPass / http://192.168.1.5:5100/ > ProxyPassReverse /...
2017 Apr 26
0
Apache + SSL: default configuration rated "C" by Qualys Labs
...ity/Server_Side_TLS > > I'm not 100% on any differences in ciphers available, but I don't > think there should be much difference between EL7 and Fedora. > > This config gets my an A+ rating on the sslabs test: > > SSLEngine on > SSLProtocol all -SSLv2 -SSLv3 > SSLCipherSuite "EECDH+aRSA+AESGCM EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 > EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !MEDIUM !SEED !3DES > !CAMELLIA !MD5 !EXP !PSK !SRP !DSS !RC4" > > <IfModule mod_headers.c> > Header always set Strict-Transport-Security "max-age=157...
2015 Mar 04
0
New FREAK SSL Attack CVE-2015-0204
On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote: > Hello, > about the CVE-2015-0204, in apache the following config seems to disable > this vulnerability: > SSLProtocol All -SSLv2 -SSLv3 > SSLCipherSuite > HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4 > > Is something similar possible with dovecot ? I use this with some succes: # dovecot has built-in protection against BEAST, therefore no need # to remove -SSLv2-SHA1:-TLSv10-SHA1 ssl_protocols = !SSLv2 !SSLv3 ssl_ciphe...
2016 Nov 21
0
samba tls protocols and ciphers change how?
...o you can check with.   https://www.htbridge.com/ssl/ https://ssllabs.com https://tls.imirhil.fr https://securityheaders.io/ http://emailsecuritygrader.com/   cli tool, very handy. https://testssl.sh/   https://cipherli.st/  from this site an improved apache (2.4.17+ )  line there. SSLCipherSuite "ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA256 DES-CBC3-SHA AES128...
2009 Aug 26
1
ssl certificate, maximum protection, on the budget?
Hello, I've got a client who wants to go ssl. He's running a web server, smtp/pop, and ftps and imaps is coming as well. I'm looking for a wildcard ssl certificate i believe it's called but one on the budget plan. I am also wanting to ensure that the mod_ssl with httpd on the server is only using the strongest encryption methods and protocols. Thanks. Dave.
2013 Oct 15
0
"Perfect Forward Secrecy" on Redhat/Fedora
...her_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SSLv2:@STRENGTH ______________________________ the same for Apache: SSLHonorCipherOrder On SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type:...
2015 Jan 26
3
Apache and SSLv3
Hi list, I'm configuring apache with https and I've a question about sslv3 deactivation. Running "openssl ciphers -v" I get a list of cypher suite of openssl like: ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD ......... Each lines report relative protocol. Disabling sslv3 with "SSLProtocol all -SSLv3" I can use cypher like:
2012 Jun 14
15
Problem with Load Balancing Puppet masters with Apache mod_proxy
I have a single LB running Apache with mod_proxy in front of a Puppet master. These are the LB and Puppet master configs: <Proxy balancer://puppetmaster> BalancerMember http://192.168.1.10:8140 </Proxy> Listen 8140 <VirtualHost *:8140> SSLEngine on SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP SSLCertificateFile /var/lib/puppet/ssl/certs/ puppetlb.example.com.pem SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/ puppetlb.example.co...