Advice needed with SSL protocols and cipher suites

SilverArrow
Posts: 6
Joined: 2014/05/01 13:41:15

Post by SilverArrow » 2016/01/25 17:19:01

Me too, I put a lot of energy into achieving an A+ rating. The only thing preventing me from getting a perfect score is the damned IE6/IE8 and old Java lol.

I've had those configs since CentOS 6.5 and up to 6.7, they still work nicely.
Here's my Apache 2.4.9 config for the SSL/ciphers, I hope it'll help you, and I also use a 4096-bit certificate:

<VirtualHost _default_:443>
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /path/to/your/file.crt
    SSLCertificateKeyFile /path/to/your/file.key
    SSLProtocol ALL -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite AES256+EECDH:AES256+EDH:AES128+EECDH:AES128+EDH:EDH+AES:RSA+AESGCM:!aNULL
    # RSA+AESGCM is non-FS, but needed in case I want to allow lower security browsers
    SSLCompression Off
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    SSLOCSPEnable on
</VirtualHost>

# OCSP stapling: SSLStaplingCache has to be set in the global server context
SSLUseStapling On
SSLStaplingCache "shmcb:/var/cache/httpd/stapling_cache(128000)"

qpidity
Posts: 7
Joined: 2015/12/02 19:35:51

Post by qpidity » 2016/01/25 17:44:30

Thanks for your help. I got it resolved after upgrading Plesk, which was overriding the settings I had initially set in place. It was indeed a case of tracking down the vhosts and ensuring each had the appropriate settings.
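A way to automate the vhost-by-vhost check described in the thread, as an added example that is not part of either post: it parses Apache configuration text and reports, for every TLS-enabled vhost, which of the hardening directives from the config above are not set inside that block and whether SSLProtocol still enables SSLv3. The function names, the sample vhosts and the choice of required directives are assumptions; directives inherited from the global server context are not considered.

```python
import re

# Constructed sample: the first vhost follows the settings posted above; the
# second stands in for a panel-generated vhost that lacks them.
SAMPLE_CONF = """\
<VirtualHost _default_:443>
    SSLEngine on
    SSLProtocol ALL -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite AES256+EECDH:AES256+EDH:AES128+EECDH:AES128+EDH:!aNULL
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName panel.example.test
    SSLEngine on
    SSLProtocol all
</VirtualHost>
"""

# Assumed baseline: the directives the posted config sets per vhost.
REQUIRED = ("SSLProtocol", "SSLHonorCipherOrder", "SSLCipherSuite")

def sslv3_enabled(value):
    """Apply SSLProtocol tokens left to right; mod_ssl documents 'all' as including SSLv3."""
    enabled = False
    for tok in value.lower().split():
        if tok.lstrip("+-") in ("all", "sslv3"):
            enabled = not tok.startswith("-")
    return enabled

def check(directives):
    findings = [f"not set in this vhost: {n}" for n in REQUIRED if n.lower() not in directives]
    if sslv3_enabled(directives.get("sslprotocol", "")):
        findings.append("SSLProtocol enables SSLv3")
    return findings

def audit_vhosts(conf_text):
    """Return {vhost address: [findings]} for each <VirtualHost> with SSLEngine on."""
    report, current, directives = {}, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+(.+?)>", line, re.I)
        if opened:
            current, directives = opened.group(1), {}
        elif line.lower().startswith("</virtualhost") and current is not None:
            if directives.get("sslengine", "").lower() == "on":
                report[current] = check(directives)
            current = None
        elif current is not None and line and not line.startswith("#"):
            parts = line.split(None, 1)
            directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return report
```

To audit a real server, pass the concatenated contents of the main config and every included vhost file to `audit_vhosts`.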
