Apache TLS versions


  • #65993
    Lucius ConFabula
    Participant

    Hello Forum,
    I had trouble with the TLS versions accepted by the Apache web server in ZS (3.9.3).
    The default configuration that I found in /etc/httpd/ssl.conf had:

    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite !ADH:HIGH:MEDIUM

    The secure session was established as:

    SSL-Session:
    Protocol : TLSv1
    Cipher : ECDHE-RSA-AES256-SHA

    The latest versions of major browsers start to warn the user if the TLS version is under some threshold.
    ZS 3.9.3 has OpenSSL v 1.0.2o (27 Mar 2018), which also supports TLSv1.2 (‘openssl ciphers -V’ for the whole list).

    I copied /etc/httpd/ssl.conf to /Database/etc/httpd/ssl.conf and edited it with:

    SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2

    (I should remove +SSLv3 anyway.)

    Then I created a ‘post boot’ job with:
    /bin/cp /Database/etc/httpd/ssl.conf /etc/httpd/ssl.conf
    /etc/init.d/httpd restart

    After a reboot the secure session was established as:

    SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384

    Here is the question: is there a better way to achieve it? Any GUI options?

    Thanks.
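
A check that could run in the post-boot job described in the post above, before the persisted ssl.conf is copied into place (an added example, not part of the original post and not ZeroShell code): it works out which protocols an SSLProtocol line leaves enabled and lists those that are deprecated. It assumes `all` expands to SSLv3 through TLSv1.2 and ignores tokens it does not know; the function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not ZeroShell's).
# Assumption: "all" expands to SSLv3 TLSv1 TLSv1.1 TLSv1.2; unknown tokens
# are ignored.

# Print the protocols enabled by the last active SSLProtocol line in file $1.
enabled_protocols() {
    spec=$(awk 'tolower($1) == "sslprotocol" { $1 = ""; last = $0 }
                END { print last }' "$1")
    [ -n "$spec" ] || return 1            # no active directive found
    s3=0 t10=0 t11=0 t12=0
    for tok in $spec; do
        case "$tok" in
            -*) v=0; name=${tok#-} ;;
            +*) v=1; name=${tok#+} ;;
            *)  v=1; name=$tok; s3=0 t10=0 t11=0 t12=0 ;;  # bare token replaces the set
        esac
        case "$(printf '%s' "$name" | tr 'A-Z' 'a-z')" in
            all)     s3=$v t10=$v t11=$v t12=$v ;;
            sslv3)   s3=$v ;;
            tlsv1)   t10=$v ;;
            tlsv1.1) t11=$v ;;
            tlsv1.2) t12=$v ;;
        esac
    done
    out=""
    [ "$s3" = 1 ]  && out="$out SSLv3"
    [ "$t10" = 1 ] && out="$out TLSv1"
    [ "$t11" = 1 ] && out="$out TLSv1.1"
    [ "$t12" = 1 ] && out="$out TLSv1.2"
    echo "${out# }"
}

# Print the enabled protocols that are deprecated (SSLv3, TLS 1.0, TLS 1.1).
legacy_protocols() {
    found=""
    for p in $(enabled_protocols "$1"); do
        case "$p" in
            SSLv3|TLSv1|TLSv1.1) found="$found $p" ;;
        esac
    done
    echo "${found# }"
}

# Constructed sample: the edited directive from the post, after a commented line.
tmp=$(mktemp)
printf '%s\n' '#SSLProtocol all' \
    'SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2' > "$tmp"
echo "enabled: $(enabled_protocols "$tmp")"
echo "legacy:  $(legacy_protocols "$tmp")"
rm -f "$tmp"
```

A post-boot job could skip the copy and restart when `legacy_protocols /Database/etc/httpd/ssl.conf` prints anything.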
