Secure Socket Layer (SSL) and Transport Layer Security (TLS) are both cryptographic protocols providing encrypted and secure communication between servers, clients, machines and applications operating over a network.
The default Apache configuration files:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/ssl.conf
Find the ‘SSLProtocol’ entry in the above-mentioned files and modify it as below:
[root@linuxcnf ~]# vi /etc/httpd/conf.d/ssl.conf
SSLProtocol -ALL +TLSV1.2
With the above change, the Apache service disables all protocols and enables only TLSv1.2.
Verify the configuration changes:
[root@linuxcnf ~]# cat /etc/httpd/conf.d/ssl.conf |grep SSLProtocol
SSLProtocol -ALL +TLSV1.2
[root@linuxcnf ~]#
Restart the Apache service to complete the changes:
[root@linuxcnf ~]# service httpd restart
Redirecting to /bin/systemctl restart httpd.service
[root@linuxcnf ~]#
To verify that TLSv1.2 is enabled on the server:
[root@linuxcnf ~]# openssl s_client -connect 192.168.43.105:443 -tls1_2|grep -i supported
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = linuxcnf, emailAddress = root@ linuxcnf
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = --, ST = SomeState, L = SomeCity, O = SomeOrganization, OU = SomeOrganizationalUnit, CN = linuxcnf, emailAddress = root@ linuxcnf
verify error:num=21:unable to verify the first certificate
verify return:1
Secure Renegotiation IS supported
^c
[root@linuxcnf ~]#
The connection made with -tls1_2 succeeds, and we can see that Secure Renegotiation IS supported.
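An added example, not part of the original post: the grep above shows only the directive in ssl.conf, while an SSLProtocol line in httpd.conf or inside a virtual host can leave other protocols enabled. The shell function below (hypothetical name audit_sslprotocol) prints every SSLProtocol directive in the given files together with the protocol set it leaves enabled; the expansion used for "all" is an assumption, since the real one depends on the Apache and OpenSSL versions.

```shell
#!/bin/sh
# Audit SSLProtocol directives: print each one with the protocol set it
# leaves enabled, and return non-zero if any set is not exactly TLSv1.2.
# Tokens are applied left to right: "+X" adds, "-X" removes, and a bare
# name replaces whatever was enabled before it.
# Assumption: "all" expands to the ALL list below (version dependent).
audit_sslprotocol() {
    awk '
    BEGIN {
        ALL = "SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
        n = split(ALL, names, " ")
        bad = 0
    }
    # Directive names are case-insensitive; commented lines have "#" in $1.
    tolower($1) == "sslprotocol" {
        for (i = 1; i <= n; i++) on[names[i]] = 0
        for (t = 2; t <= NF; t++) {
            tok = $t; act = ""
            if (tok ~ /^[+-]/) { act = substr(tok, 1, 1); tok = substr(tok, 2) }
            # A bare token discards the set built so far.
            if (act == "") for (i = 1; i <= n; i++) on[names[i]] = 0
            for (i = 1; i <= n; i++)
                if (tolower(tok) == "all" || tolower(tok) == tolower(names[i]))
                    on[names[i]] = (act == "-") ? 0 : 1
        }
        set = ""
        for (i = 1; i <= n; i++)
            if (on[names[i]]) set = set (set == "" ? "" : " ") names[i]
        verdict = (set == "TLSv1.2") ? "OK" : "REVIEW"
        if (verdict != "OK") bad = 1
        printf "%s:%d: %s => [%s] %s\n", FILENAME, FNR, $0, set, verdict
    }
    END { exit bad }
    ' "$@"
}
```

Run it as audit_sslprotocol /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/ssl.conf; a non-zero exit status means at least one directive is marked REVIEW.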