SSL-config is not secure enough #35

iXware71 · 2021-04-03T09:55:03Z

The apache ssl config is not secure enough. The ssl test at https://ssllabs.com/ssltest only gives an overall rating of "B".

Please check https://bettercrypto.org/#_apache for better apache configuration.

The "header" parameters are not necessary for a better rating, but the parameters SSLProtocol and SSLCipherSuite are important.

Add this in /etc/apache2/sites-available/000-default.conf before line "</VirtualHost>":

SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCompression off

SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'

ckulka · 2021-04-05T01:56:37Z

Hi @iXware71 , I'll add it to Apache (and also checl the nginx settings) in the next release, thanks!

Addresses #35

ckulka · 2021-05-18T22:33:45Z

Closing this issue given this is fixed in master and will be part of the next release version of Baikal.

Thanks again @iXware71 to point it out 👍

iXware71 changed the title ~~SSL-config is not secure~~ SSL-config is not secure enough Apr 3, 2021

ckulka added a commit that referenced this issue Apr 7, 2021

Improved Apache SSL settings

6402acf

Addresses #35

ckulka self-assigned this Apr 7, 2021

ckulka closed this as completed May 18, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSL-config is not secure enough #35

SSL-config is not secure enough #35

iXware71 commented Apr 3, 2021 •

edited

Loading

ckulka commented Apr 5, 2021

ckulka commented May 18, 2021

SSL-config is not secure enough #35

SSL-config is not secure enough #35

Comments

iXware71 commented Apr 3, 2021 • edited Loading

ckulka commented Apr 5, 2021

ckulka commented May 18, 2021

iXware71 commented Apr 3, 2021 •

edited

Loading