Hi,
I succesfully configured CentOS 6 to get an "A SCORE" in the qualys ssl labs test.
On CentOS 7 I get tremendous result.
My CentOS box is completely unsecure.
It seems that there is no support to TLS1.1 and 1.2, what should be the correct rule to put in /etc/httpd/conf.d/ssl.conf ???
Is there a guide on securing SSL on CentOS 7?
CentOS 7 correct settings for OpenSSL, apache, postfix.
-
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Re: CentOS 7 correct settings for OpenSSL, apache, postfix.
That's not true. The config files used for the versions of Apache between 6 and 7 aren't that much different. I have exactly this in /etc/httpd/conf.d/ssl.conf on one of my RHEL 7 Apache servers:It seems that there is no support to TLS1.1 and 1.2
Code: Select all
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2 -SSLv3
-- Jeremy --
Re: CentOS 7 correct settings for OpenSSL, apache, postfix.
Type openssl ciphers -v 'TLSv1.2' that'll list the available ciphers in the TLS1.2 support group.
-
- Posts: 252
- Joined: 2009/07/10 09:43:13
- Contact:
Re: CentOS 7 correct settings for OpenSSL, apache, postfix.
I figured it out, I had a bad configuration of the ssl.conf
now all works fine and I have disabled SSL3 for the recent security hole discovered by google.
now all works fine and I have disabled SSL3 for the recent security hole discovered by google.