CentOS 7 correct settings for OpenSSL, apache, postfix.

Post by sblantipodi » 2014/10/17 08:47:43

Hi,
I successfully configured CentOS 6 to get an "A SCORE" in the Qualys SSL Labs test.

On CentOS 7 I get a tremendous result.
My CentOS box is completely unsecure.

It seems that there is no support for TLS1.1 and 1.2; what should be the correct rule to put in /etc/httpd/conf.d/ssl.conf?
Is there a guide on securing SSL on CentOS 7?

Re: CentOS 7 correct settings for OpenSSL, apache, postfix.

Post by jyoung » 2014/10/17 13:48:49

> It seems that there is no support to TLS1.1 and 1.2
That's not true. The config files used for the versions of Apache between 6 and 7 aren't that much different. I have exactly this in /etc/httpd/conf.d/ssl.conf on one of my RHEL 7 Apache servers:

Code:

#   SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect.  Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3
-- Jeremy --
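
Added example, not part of any post in this thread: a shell check that resolves each uncommented SSLProtocol line in an ssl.conf-style file to the protocols it leaves enabled, and flags SSLv2/SSLv3 or a missing TLSv1.2. It assumes that a bare token replaces the set while + adds and - removes, and that "all" expands to SSLv3, TLSv1, TLSv1.1 and TLSv1.2 as on a mod_ssl build against OpenSSL 1.0.1 or later; the function names and the sample file are constructed here.

```sh
# Assumption: "all" = SSLv3 TLSv1 TLSv1.1 TLSv1.2 (mod_ssl built on OpenSSL 1.0.1+).
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2"
# effective_protocols "all -SSLv2 -SSLv3" prints the protocols left enabled.
effective_protocols() {
    enabled=""
    for tok in $1; do
        case $tok in
            +*) op=add; name=${tok#+} ;;
            -*) op=del; name=${tok#-} ;;
            *)  op=set; name=$tok ;;
        esac
        [ "$name" = all ] && name=$ALL_PROTOCOLS
        case $op in
            set) enabled=$name ;;
            add) enabled="$enabled $name" ;;
            del) kept=""
                 for e in $enabled; do
                     case " $name " in *" $e "*) ;; *) kept="$kept $e" ;; esac
                 done
                 enabled=$kept ;;
        esac
    done
    out=""
    for p in SSLv2 $ALL_PROTOCOLS; do   # normalise order, drop duplicates
        case " $enabled " in *" $p "*) out="$out $p" ;; esac
    done
    echo "${out# }"
}

# audit_ssl_conf FILE prints one verdict per uncommented SSLProtocol line and
# returns 1 if any line leaves SSLv2/SSLv3 enabled or lacks TLSv1.2.
audit_ssl_conf() {
    rc=0
    while read -r key value; do
        [ "$key" = SSLProtocol ] || continue
        eff=$(effective_protocols "$value")
        case " $eff " in
            *" SSLv2 "*|*" SSLv3 "*) verdict=WEAK; rc=1 ;;
            *" TLSv1.2 "*) verdict=OK ;;
            *) verdict=NO_TLS12; rc=1 ;;
        esac
        echo "$verdict: SSLProtocol $value => $eff"
    done < "$1"
    return $rc
}
# Constructed sample: a weak line, then the directive quoted in the thread.
sample=$(mktemp)
printf 'SSLProtocol all -SSLv2\nSSLProtocol all -SSLv2 -SSLv3\n' > "$sample"
audit_ssl_conf "$sample" || true
rm -f "$sample"
```

On a real host the file to pass would be /etc/httpd/conf.d/ssl.conf; the check reads each directive on its own and does not model per-VirtualHost overrides.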

Re: CentOS 7 correct settings for OpenSSL, apache, postfix.

Post by aks » 2014/10/17 16:37:45

Type openssl ciphers -v 'TLSv1.2'; that'll list the available ciphers in the TLS1.2 support group.

Re: CentOS 7 correct settings for OpenSSL, apache, postfix.

Post by sblantipodi » 2014/10/19 13:53:04

I figured it out; I had a bad configuration of the ssl.conf.
Now all works fine and I have disabled SSL3 for the recent security hole discovered by Google.
