Linux SSL/TLS
The main SSL tools on Linux to manage certificates are
- keytool
- openssl
Useful OpenSSL commands
Disabling Diffie-Hellman on Apache Servers
On each web server, in the ssl.conf file or, in some cases, the main Apache conf file, add the !DH: identifier to the start of the SSLCipherSuite config option string.
Procedure
- In Apache's conf directory, locate file: ssl.conf or httpd.conf
- Look for the SSLCipherSuite keyword, whose string value must be similar to the following string:
"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
- Add !DH: after the ALL: list so that the line looks like the following string:
"ALL:!DH:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
Note: The !ADH: string in the above string is now redundant and can be removed.
- Repeat this edit in every SSL config section, if you are not using one global section.
- Save the file.
- Restart the web server for the changes to take effect.
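To confirm that no SSL config section was missed, the following added example (not part of the original page) scans Apache configuration text for SSLCipherSuite lines that still lack !DH and shows the string after the edit described above. The function names `harden` and `audit` and the sample configuration are assumptions made for illustration.

```python
import re

# Apache directive names are case-insensitive; commented-out lines do not match.
DIRECTIVE = re.compile(r'^\s*SSLCipherSuite\s+(\S.*?)\s*$', re.IGNORECASE)

# Constructed sample: one global directive and two virtual hosts.
SAMPLE_CONF = '''\
# constructed sample configuration
SSLCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!DH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    #SSLCipherSuite ALL:!ADH
    sslciphersuite ALL:!ADH:RC4+RSA:+HIGH
</VirtualHost>
'''

def harden(spec):
    """Apply the edit to one cipher string: add !DH, drop the redundant !ADH."""
    tokens = [t for t in spec.split(':') if t and t != '!ADH']
    if '!DH' not in tokens:
        # After ALL when present, otherwise at the start of the string.
        pos = tokens.index('ALL') + 1 if 'ALL' in tokens else 0
        tokens.insert(pos, '!DH')
    return ':'.join(tokens)

def audit(conf_text):
    """Return (line_number, current, edited) for each directive lacking !DH."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        # The cipher string is the last argument; strip optional quotes.
        spec = m.group(1).split()[-1].strip('"\'')
        if '!DH' not in spec.split(':'):
            findings.append((lineno, spec, harden(spec)))
    return findings

if __name__ == '__main__':
    for lineno, current, edited in audit(SAMPLE_CONF):
        print(f'line {lineno}: {current}\n    -> {edited}')
```

Run it against the contents of ssl.conf or httpd.conf before restarting; an empty result means every SSLCipherSuite line already carries !DH.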