SUSE Conversations


Resolve Cipher and SSL Threats in Security Scans



By: ndbreeding01

November 7, 2008 12:23 pm


The remote service supports the use of weak SSL ciphers.

In /etc/apache2/vhosts.d/vhost-ssl.conf, find the following line:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Change it to:

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:+eNULL

The “!” prefix permanently removes the matching ciphers from the list, which takes out the ciphers causing problems.

Change +LOW to !LOW to prevent all low-strength ciphers.
Change +SSLv2 to !SSLv2 to prevent all SSL version 2.0 ciphers.
Change +EXP to !EXP to prevent all export ciphers.

Deprecated SSL Protocol Usage

Add the following to /etc/apache2/vhosts.d/vhost-ssl.conf:

SSLProtocol -All +SSLv3 +TLSv1

-All disables all SSL protocols
+SSLv3 adds SSL version 3
+TLSv1 adds TLS version 1

Restart Apache (rcapache2 restart) and rescan.
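
As an added example (not part of the original post), this shell script checks before the rescan that every active SSLCipherSuite directive in a config file explicitly excludes LOW, SSLv2 and EXP with “!”. The function names are hypothetical, and the check only inspects the cipher string, not what the installed OpenSSL actually enables.

```shell
#!/bin/sh
# Added example (not from the original post): lint SSLCipherSuite strings
# for the weak classes the post removes. Function names are hypothetical.

# The two cipher strings from the post.
BEFORE='ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
AFTER='ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:+eNULL'

# Print the classes (LOW, SSLv2, EXP) the string does not exclude with "!".
# "+CLASS" and "-CLASS" do not count: only "!" removes ciphers permanently.
unblocked_weak_classes() {
    missing=""
    for class in LOW SSLv2 EXP; do
        case ":$1:" in
            *":!$class:"*) ;;                          # explicitly excluded
            *) missing="${missing:+$missing }$class" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Check each active (uncommented) SSLCipherSuite directive in a config file.
# Returns 1 if any directive lacks an explicit exclusion, 0 otherwise.
check_vhost() {
    status=0
    for spec in $(awk 'tolower($1) == "sslciphersuite" {
                           gsub(/"/, "", $NF); print $NF }' "$1"); do
        weak=$(unblocked_weak_classes "$spec")
        if [ -n "$weak" ]; then
            echo "WEAK $spec (not excluded: $weak)"
            status=1
        else
            echo "OK   $spec"
        fi
    done
    return "$status"
}

# Demo on the post's strings; pass a config path to check a real file.
echo "before: not excluded: $(unblocked_weak_classes "$BEFORE")"
echo "after:  not excluded: $(unblocked_weak_classes "$AFTER")"
if [ "$#" -gt 0 ]; then check_vhost "$1"; fi
```

Run it with /etc/apache2/vhosts.d/vhost-ssl.conf as the argument; a non-zero exit status means at least one directive still needs the “!” changes.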

Categories: SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
