[ic] {OT} hardening SSL without rejecting users
Grant
emailgrant at gmail.com
Tue Jun 8 18:30:37 UTC 2010
>> I've been advised to harden my SSL in the following ways:
>>
>> 1. disable SSL 2.0
>> 2. disable use of SSL ciphers which offer either weak or no encryption
>> 3. disable anonymous SSL ciphers
>>
>> Will some website users not be able to use https if I do this?
>
> Should be fine. That's all been good practice for years now.
>
> A good Apache mod_ssl configuration to achieve that is:
>
> SSLProtocol all -SSLv2
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
>
> Jon
Thanks Jon. I actually had to append ":-eNULL" to pass PCI Compliance.
- Grant
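A way to see what a given SSLCipherSuite string actually resolves to, added here as an example and not part of the thread or of Interchange: Apache hands the string straight to OpenSSL, so Python's ssl module on the same machine expands it to the same list, and the description lines (the same ones `openssl ciphers -v` prints) show which suites offer no server authentication (Au=None), no encryption (Enc=None), or fewer than 128 bits. The two 2010 strings are Jon's and Grant's as quoted above; the hardened string, and the names expand/audit/is_clean, are assumptions made for the example. One caveat worth running the check for: "!ADH" removes anonymous DH only, while anonymous ECDH suites (AECDH-*) are still matched by "ALL"; "!aNULL" covers both.

```python
"""Expand an Apache/OpenSSL SSLCipherSuite string and flag what it still allows.

Added example, not code from the original thread. It asks the local OpenSSL
(via Python's ssl module), so the result describes the build it runs on,
not Apache in 2010. Unknown words such as SSLv2 or EXPORT56 are silently
ignored by modern OpenSSL rather than rejected; only an empty result raises.
"""
import re
import ssl

# The string Jon posted, and Grant's variant with ":-eNULL" appended.
JON_2010 = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP"
GRANT_2010 = JON_2010 + ":-eNULL"

# Constructed hardened string (assumption, not from the thread): HIGH keeps
# only suites of 128 bits or more; aNULL covers anonymous DH *and* anonymous
# ECDH; eNULL is excluded by ALL/HIGH already but is stated explicitly.
HARDENED = "HIGH:!aNULL:!eNULL:!3DES:!RC4:!MD5"

_AU = re.compile(r"\bAu=(\S+)")    # server authentication, "None" = anonymous
_ENC = re.compile(r"\bEnc=(\S+)")  # bulk cipher, "None" = no encryption


def expand(cipher_string):
    """Return the cipher dicts OpenSSL resolves `cipher_string` to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if nothing matches at all
    return ctx.get_ciphers()


def audit(cipher_string, min_bits=128):
    """Classify what a cipher string still permits.

    Returns {'anonymous': [...], 'null': [...], 'weak': [...]} with cipher
    names. TLS 1.3 suites are described with Au=any and are never anonymous.
    """
    findings = {"anonymous": [], "null": [], "weak": []}
    for c in expand(cipher_string):
        desc = c["description"]
        au = _AU.search(desc)
        enc = _ENC.search(desc)
        if au and au.group(1) == "None":
            findings["anonymous"].append(c["name"])
        if enc and enc.group(1) == "None":
            findings["null"].append(c["name"])
        if c["strength_bits"] < min_bits:
            findings["weak"].append(c["name"])
    return findings


def is_clean(cipher_string):
    """True when the string leaves no anonymous, null or weak suite enabled."""
    return not any(audit(cipher_string).values())


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    for label, s in (("Jon", JON_2010), ("Grant", GRANT_2010), ("hardened", HARDENED)):
        print(f"{label}: {s}")
        for kind, names in audit(s).items():
            print(f"  {kind:9s} {', '.join(names) or '-'}")
```

Run it on the box that serves the site, because the answer depends on that box's OpenSSL: the same string can resolve to a different list on a different build, which is also why a PCI scanner and a local reading of the config can disagree.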