Linux SSL/TLS

From Ever changing code
Revision as of 13:25, 13 July 2016 by Pio2pio

The main SSL tools on Linux to manage certificates are

  • keytool
  • openssl

Useful OpenSSL commands

Disabling Diffie-Hellman on Apache Servers

On each web server, in the ssl.conf file or, in some cases, the main Apache conf file, add the !DH: identifier to the start of the SSLCipherSuite config option string.

Procedure

In Apache's conf directory, locate the file ssl.conf or httpd.conf.

Look for the SSLCipherSuite keyword, whose string value must be similar to the following string:

"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"

Add !DH: after the ALL: list so that the line looks like the following string:

"ALL:!DH:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"

Note: The !ADH: string in the above string is now redundant and can be removed.

Repeat this edit in every SSL config section, if you are not using one global section.

Save the file.

Restart the web server for the changes to take effect.
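The procedure above as a repeatable check-and-edit script. This is an added example, not part of the original page: the function names and the sample configuration are constructed for illustration, and it assumes the directive is written exactly as SSLCipherSuite with a cipher string containing ALL:.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# configuration are constructed for illustration.

# Print FILE with "!DH:" inserted after the first "ALL:" of every active
# SSLCipherSuite line that does not already exclude DH (safe to re-run).
patch_cipher_suite() {
    sed -E '/^[[:space:]]*SSLCipherSuite[[:space:]]/{
/!DH([[:space:]:"]|$)/!s/ALL:/ALL:!DH:/
}' "$1"
}

# List (with line numbers) active SSLCipherSuite lines that still lack !DH.
# Returns 0 when every SSL section is covered, 1 otherwise.
audit_cipher_suite() {
    ! grep -nE '^[[:space:]]*SSLCipherSuite[[:space:]]' "$1" |
        grep -vE '!DH([[:space:]:"]|$)'
}

# Constructed sample: two SSL sections plus a commented-out directive.
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
    # SSLCipherSuite "ALL:!ADH"
    SSLCipherSuite "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
</VirtualHost>
EOF
}

conf=$(mktemp) && patched=$(mktemp)
write_sample_conf "$conf"
echo "Before:"; audit_cipher_suite "$conf" || echo "-> sections still allowing DH"
patch_cipher_suite "$conf" > "$patched"
echo "After:";  audit_cipher_suite "$patched" && echo "-> all sections exclude DH"
```

Running the audit function against every file that carries SSL sections catches a section that was missed when there is no single global SSLCipherSuite line.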