
Introduction

Secure Socket Layer (SSL) and Transport Layer Security (TLS) are both cryptographic protocols providing communication security over a network, for example a client connecting to a web server.

A "handshake" is done at the start of a TLS or SSL connection. During this handshake the client and server will work out what mutual ciphers and hash algorithms are supported. This is also where a server will provide its digital certificate to a connecting client.

Over the years vulnerabilities have been and continue to be discovered in the deprecated SSL and TLS protocols. For this reason, you should disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1 in your server configuration, leaving only TLS protocols 1.2 and 1.3 enabled.

Disabling SSLv2, SSLv3, TLSv1, and TLSv1.1

APACHE

Depending on your configuration, this may need to be changed in multiple locations.

The default Apache configuration file can be found:

On Debian / Ubuntu based systems: /etc/apache2/nf
On Red Hat / CentOS based systems: /etc/httpd/conf/nf

If it is configured in a virtual host, the configuration files will generally be:

On Debian / Ubuntu based systems: /etc/apache2/sites-enabled/
On Red Hat / CentOS based systems: /etc/httpd/sites-enabled/

In your configuration file(s), find the entry "SSLProtocol" and modify it to look like:

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

This tells Apache to enable all protocols, but disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1.

The last step is to restart the Apache service:

    service apache2 restart

or

    service httpd restart

NGINX

NGINX may also be configured in multiple places.

The global NGINX configuration file is located in: /etc/nginx/nf

It may also be in individual server block configurations in: /etc/nginx/sites-enabled/

In your configuration file(s), find the entry for "ssl_protocols" and modify it to match the following:

    ssl_protocols TLSv1.2;

This tells NGINX to only enable the TLS 1.2 protocol.

Restart NGINX to complete the changes:

    service nginx restart

TOMCAT

The configuration file for Tomcat should be in: TOMCAT_HOME/conf/server.xml

Tomcat 5 & 6 (Prior to 6.0.38)

Within the server.xml, find the sslProtocols entry and make sure only TLS 1.2 protocol is specified:

    sslProtocols = "TLSv1.2"

Tomcat 6 & 7 (6.0.3.8 and newer)
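The Apache and NGINX directives described above can be checked mechanically before a restart. The following is an added example, not part of the original page: a small Python auditor that evaluates SSLProtocol and ssl_protocols lines and reports any deprecated protocol they still enable. The function names, the expansion of "all" and the sample configuration are assumptions constructed for illustration.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: "all" expands to every name below; what a real Apache build
# includes in "all" depends on its version and the OpenSSL it links.
KNOWN = DEPRECATED | {"TLSv1.2", "TLSv1.3"}

def apache_enabled(args):
    """Evaluate SSLProtocol tokens left to right, the way mod_ssl does."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        protos = set(KNOWN) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= protos
        elif sign == "+":
            enabled |= protos
        else:  # a bare name replaces whatever was set before it
            enabled = protos
    return enabled

DIRECTIVES = [
    (re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.I), apache_enabled),
    # NGINX: ssl_protocols is a plain list of the protocols to enable.
    (re.compile(r"^\s*ssl_protocols\s+([^;]+);"), lambda args: set(args.split())),
]

def audit(text):
    """Return (line number, deprecated protocols still enabled) per directive."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        for pattern, parse in DIRECTIVES:
            match = pattern.search(line)
            weak = sorted(parse(match.group(1)) & DEPRECATED) if match else []
            if weak:
                findings.append((num, weak))
    return findings

# Constructed sample mixing both servers' directives, one per line.
SAMPLE = """\
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2;
SSLProtocol TLSv1.1
"""

if __name__ == "__main__":
    for num, weak in audit(SAMPLE):
        print(f"line {num}: still enables {', '.join(weak)}")
```

Because the setting can live in several files, run the check over every virtual host or server block file as well as the global configuration.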
