Security

On this site:

https://www.ssllabs.com/ssltest/index.html

you can test your TLS/SSL security weaknesses.

I get a grade B because in this section
> Cipher Suites (sorted by strength; the server has no preference)
>
> TLS_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
>
> TLS_DHE_RSA_WITH_DES_CBC_SHA (0x15) DH 1024 bits (p: 128, g: 1, Ys: 128) FS WEAK 56

As you can see, I get a weak cipher.

How can I disable this cipher?

2 Replies

Solved with this in ssl.conf.

> SSLProtocol -ALL +SSLv3 +TLSv1
>
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT

@sblantipodi:

> Solved with this in ssl.conf.
>
> SSLProtocol -ALL +SSLv3 +TLSv1
>
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT

I'd ditch SSLv3 entirely and just use TLS 1.0, 1.1 and 1.2.
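
Added example (not part of the thread and not Apache's own tooling): a small Python audit of the ssl.conf directives discussed above. It applies `SSLProtocol` tokens left to right and flags deprecated protocols, a cipher string that does not exclude OpenSSL's `LOW`/`EXPORT` classes, and the missing server cipher preference that the SSL Labs header points at. The `ALL` expansion, the exclusion policy, the `SSLHonorCipherOrder on` line in the second sample, and all function names are assumptions of this example.

```python
# Added example: audits the ssl.conf directives discussed in this thread.
# Assumption: "all" expands to this set; the real set depends on the
# Apache/OpenSSL build. Per-VirtualHost scoping is ignored (last value wins).
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | {"SSLv2"}}
DEPRECATED = {"SSLv2", "SSLv3"}
MUST_EXCLUDE = ("LOW", "EXPORT")  # example policy; 56-bit DES is in OpenSSL's LOW class

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: '+' adds, '-' removes, bare replaces."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        # An unknown protocol name raises KeyError.
        group = set(ALL) if name.lower() == "all" else {KNOWN[name.lower()]}
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = group
    return enabled

def audit(conf_text):
    """Return findings for SSLProtocol, SSLCipherSuite and SSLHonorCipherOrder."""
    d = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            d[parts[0].lower()] = parts[1].strip()  # directive names are case-insensitive
    findings = []
    if "sslprotocol" not in d:
        findings.append("SSLProtocol not set: build default applies")
    else:
        for p in sorted(effective_protocols(d["sslprotocol"]) & DEPRECATED):
            findings.append(f"{p} enabled")
    tokens = d.get("sslciphersuite", "").split(":")
    for cls in MUST_EXCLUDE:
        if "!" + cls not in tokens:
            findings.append(f"cipher string lacks !{cls}")
    if d.get("sslhonorcipherorder", "off").lower() != "on":
        findings.append("no server cipher preference (SSLHonorCipherOrder off)")
    return findings

# Constructed samples: the directives posted in the thread, then a TLS-only variant.
REPLY_CONF = """SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT"""
TLS_ONLY_CONF = """SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
SSLHonorCipherOrder on"""
```

The token check is a lint on the configuration text only; re-running the SSL Labs test against the server is what confirms which suites are actually offered.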
