Hello Forum,
I had trouble with the TLS versions accepted by the Apache web server in ZS (3.9.3).
The default configuration that I found in /etc/httpd/ssl.conf had:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite !ADH:HIGH:MEDIUM
The secure session was established as:
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
The latest versions of major browsers are starting to warn the user if the TLS version is under some threshold.
ZS 3.9.3 has OpenSSL v1.0.2o (27 Mar 2018), which also supports TLSv1.2 (‘openssl ciphers -V’ for the whole list).
I copied /etc/httpd/ssl.conf to /Database/etc/httpd/ssl.conf and edited it with:
SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
(I should remove +SSLv3 anyway...)
Then I created a ‘post boot’ job with:
/bin/cp /Database/etc/httpd/ssl.conf /etc/httpd/ssl.conf
/etc/init.d/httpd restart
After a reboot the secure session was established as:
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Here is the question: is there a better way to achieve this? Any GUI options?
Thanks.
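
Added example, not part of the original post and not Zeroshell's own tooling: a shell check that could be run on the /Database copy of ssl.conf before the post-boot job installs it, listing which protocols the SSLProtocol line leaves enabled and writing a copy restricted to TLSv1.2. The function names, the TLSv1.2-only policy and the sample file are assumptions of this example; per-virtual-host scoping of the directive is ignored.

```sh
#!/bin/sh
# Added example (not from the original post): audit SSLProtocol in an ssl.conf copy.

# Print the protocols left enabled by the last active SSLProtocol directive in $1.
# Tokens are applied left to right: +X adds, -X removes, -ALL clears, and a bare
# token replaces the set (assumption: this mirrors how mod_ssl parses the line).
enabled_protocols() {
    awk 'tolower($1) == "sslprotocol" {
             for (k in on) delete on[k]            # a later directive wins
             for (i = 2; i <= NF; i++) {
                 t = $i; sign = substr(t, 1, 1)
                 if (sign == "+" || sign == "-") t = substr(t, 2); else sign = ""
                 key = tolower(t)
                 if (sign == "-" && key == "all") { for (k in on) delete on[k] }
                 else if (sign == "-") delete on[key]
                 else { if (sign == "") for (k in on) delete on[k]; on[key] = t }
             }
         }
         END { for (k in on) print on[k] }' "$1" | LC_ALL=C sort
}

# Subset of the enabled protocols older than TLSv1.2. "all" is flagged too,
# because it expands to every protocol the OpenSSL build supports.
weak_protocols() {
    enabled_protocols "$1" | grep -ixE 'all|SSLv2|SSLv3|TLSv1|TLSv1\.1' || true
}

# Write $1 to $2 with each active SSLProtocol line set to TLSv1.2 only
# (this example's choice of policy; the post's edited line still allowed SSLv3).
harden_copy() {
    awk 'tolower($1) == "sslprotocol" { print "SSLProtocol -ALL +TLSv1.2"; next }
         { print }' "$1" > "$2"
}

# Demo on a constructed file holding the edited line quoted in the post.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2' \
        'SSLCipherSuite !ADH:HIGH:MEDIUM' > "$d/ssl.conf"
    echo "weak before:   $(weak_protocols "$d/ssl.conf" | tr '\n' ' ')"
    harden_copy "$d/ssl.conf" "$d/ssl.conf.new"
    echo "enabled after: $(enabled_protocols "$d/ssl.conf.new" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

An empty result from weak_protocols on the file the post-boot job copies into /etc/httpd means only TLSv1.2 remains enabled after the restart.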