From: Scott G. <sc...@sc...> - 2015-06-23 16:21:38
By the way, ignore my CipherSuite line in there — you obviously don’t want SSLv2, +LOW, +MEDIUM and other components - you’ll likely just want the TLS v1.2 ciphers, which are listed here:

https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites

Not sure what the CipherSuite string should look like to support that, but if I have time this week I’ll see if I can figure it out.

Be aware that restricting to just TLS 1.2 may cause some older browsers to not work with your site, but I haven’t done hands-on work in this area in years, so I’m not up-to-date on proper configurations.

/s.

> On Jun 23, 2015, at 12:00 PM, Scott Goodwin <sc...@sc...> wrote:
>
> An AOLserver configuration file from an old server I used to run has this section defined:
>
> ns_param Protocol "SSLv2, SSLv3, TLSv1"
> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
>
> From the OpenSSL documentation:
> Only enable TLSv1.2:
>
> SSL_CONF_cmd(ctx, "Protocol", "-ALL,TLSv1.2");
>
> So I’d assume the following would restrict AOLserver to ONLY use TLS 1.2:
>
> ns_param Protocol "-ALL,TLSv1.2"
> ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
>
> /s.
>
>> On Jun 23, 2015, at 10:36 AM, Paula Giangeruso <pgi...@wi...> wrote:
>>
>> Does anyone have TLS v1.2 working on AOLserver? If so how did you go about doing this?
>>
>> Thank You,
>> Paula
>>
>> --
>> Paula Giangeruso - Vice President/Engineering
>> pgi...@wi... | www.wineaccess.com
>> O: (610) 642-1255 | F: (610) 642-1277 | C: (609) 731-8092
>>
>> wineaccess ®
>> direct from the source
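
The point of the follow-up message, as an added example (not code from the thread or from AOLserver): a small Python auditor that reads the two `ns_param` lines and reports which protocol versions and unwanted cipher classes remain enabled. The protocol model and the `UNWANTED` set are assumptions; in an OpenSSL cipher string a leading `+` only moves ciphers already in the list, so the weak suites here come from `ALL`.

```python
import re

KNOWN_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
UNWANTED = {"SSLv2", "LOW", "MEDIUM", "EXP", "RC4", "ADH"}  # assumption; thread names SSLv2, LOW, MEDIUM
PARAM = re.compile(r'^\s*ns_param\s+(\w+)\s+"([^"]*)"', re.M)

def enabled_protocols(value):
    """Assumed model: a bare token enables, '-' disables, ALL means every version."""
    enabled = set()
    for tok in (t.strip() for t in value.split(",")):
        names = set(KNOWN_PROTOCOLS) if tok.lstrip("-+") == "ALL" else {tok.lstrip("-+")}
        enabled = enabled - names if tok.startswith("-") else enabled | names
    return [p for p in KNOWN_PROTOCOLS if p in enabled]

def audit_ciphers(value):
    """Return (unwanted classes still enabled, tokens that only reorder)."""
    enabled, banned, reorder = set(), set(), []
    for tok in filter(None, re.split(r"[:, ]+", value)):
        op = tok[0] if tok[0] in "!-+" else ""
        parts = set(tok[len(op):].split("+"))  # "RC4+RSA" means RC4 AND RSA
        single = parts if len(parts) == 1 else set()
        if op == "+":      # moves matching ciphers to the end, adds nothing
            reorder.append(tok)
        elif op == "!":    # permanent removal, cannot be re-added later
            banned |= single
            enabled -= single
        elif op == "-":    # removal that a later token may undo
            enabled -= single
        else:              # bare token adds; ALL adds every class except eNULL
            enabled |= (UNWANTED if "ALL" in parts else parts & UNWANTED) - banned
    return sorted(enabled), reorder

def audit(config_text):
    report = {}
    for name, value in PARAM.findall(config_text):
        if name == "Protocol":
            report["protocols"] = enabled_protocols(value)
            report["weak_protocols"] = [p for p in report["protocols"] if p.startswith("SSL")]
        elif name == "CipherSuite":
            report["unwanted_ciphers"], report["reorder_only"] = audit_ciphers(value)
    return report

# The two configurations quoted in the thread.
CIPHERS = 'ns_param CipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"'
LEGACY = 'ns_param Protocol "SSLv2, SSLv3, TLSv1"\n' + CIPHERS
PROPOSED = 'ns_param Protocol "-ALL,TLSv1.2"\n' + CIPHERS
if __name__ == "__main__":
    for label, cfg in (("legacy", LEGACY), ("proposed", PROPOSED)):
        print(label, audit(cfg))
```

For the proposed configuration the report shows only TLSv1.2 enabled while the cipher findings are unchanged, which is why the CipherSuite line needs its own fix.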