- This topic has 0 replies, 1 voice, and was last updated 12 months ago by
.
-
Posts
-
Hello Forum,
I had troubles about TLS versions accepted by Apache web server in ZS (3.9.3).
The default configuration that I found in /etc/httpd/ssl.conf had:SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite !ADH:HIGH:MEDIUMthe secure session was established as:
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHALatest versions of major browsers start to warn the user if TLS version is under some threshold.
ZS 3.9.3 has OpenSSL v 1.0.2o (27 Mar 2018) which supports also TLSv1.2 (‘openssl ciphers -V’ for the whole list).I copied /etc/httpd/ssl.conf in /Database/etc/httpd/ssl.conf and edited it with:
SSLProtocol -ALL +SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
(I should remove +SSLv3 ..anyway)
Then I created a ‘post boot’ job with:
/bin/cp /Database/etc/httpd/ssl.conf /etc/httpd/ssl.conf
/etc/init.d/httpd restartAfter a reboot the secure session was established as:
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384Here the question: is there a better way to achieve it? Any GUI options?
Thanks.
- You must be logged in to reply to this topic.