Hardening ssl ciphers

Post author:jonathansblog
Post published:November 28, 2015
Post category:Apache / Commandline / Development
Post comments:2 Comments

Hardening ssl ciphers. I wrote a post previously about disabling sslv2 and enabling sslv3 and tlsv1. Times have changed since then, its been best-practice for a long time now to only use tlsv1.1 and tlsv1.2 with forward secrecy. This post replaces the previous post, and will be updated with the latest best-practices as they appear.

Pages: 1 2 3 4 5 6 7

Tags: Control, Edit, Exchange, File, Free, Group, Open, Server, Ssh, Time, Tools, Web

This Post Has 2 Comments

Brandon Martin November 30, 2015 Log in to Reply

I’ve added these configs to my nginx servers to harden the ssl:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_prefer_server_ciphers on;

Place them in the http block. Generate the dhparam with openssl: openssl dhparam -out dhparam.pem 4096
1. jonathan November 30, 2015 Log in to Reply
  
  awesome, thanks

You Might Also Like

Howto remove wordpress category base with more automatic 301’s

Php stuff. mod rewrite and a custom url parser.

Setting up XMAPP on a mac with xdebug

This Post Has 2 Comments

Leave a ReplyCancel reply