JFI
The important ssl.conf options I ended up with (ie no weak ciphers)...
as of 27Aug21
SSLCipherSuite
DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-GCM-SHA256
Apache fans,
Delighted so report I have got to the bottom of my problem.
So to share a few nuggets!
My confs-enabled/ssl.conf was being overridden by a LetsEncrypt
ssl-options include in the VirtualHost.
Once I have commented out that, I made changes to ssl.conf which were
reflected in the Q
When you are retesting on qualys are you clearing the qualys cache?
There is a link to do so (Clear cache).
If your test results are immediately returning then qualys isn't
rescanning. A scan usually takes about a minute or so.
Jim
On 8/26/2021 3:04 PM, Paul Claridge wrote:
Thanks Jim for re
Hi Paul
Just try
SSLProtocol TLSv1.3
See how that goes and proceed from there.
John Orendt
john.p.ore...@medtronic.com
-Original Message-
From: Paul Claridge
Sent: Thursday, August 26, 2021 3:05 PM
To: users@httpd.apache.org
Subject: [EXTERNAL] Re: [users@httpd] SSL Cipher
Thanks Jim for response.
I spotted an article suggesting SSLProtocol -all +TLSv1.3, but that
didn't make any difference either.
Could it be the Qualys SSL Labs tool is not resetting? Any other
recommendations for testing cipher strength?
With regards to WAF we are using mod_security and I
On 8/26/2021 6:16 AM, Paul Claridge wrote:
Hi Team,
I am trying to configure recommendations from a pentest with regard to
excluding weak ciphers.
My ssl labs report shows the following:
Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
Cipher S
Hi Team,
I am trying to configure recommendations from a pentest with regard to
excluding weak ciphers.
My ssl labs report shows the following:
Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
Cipher Suites
# TLS 1.3 (suites in server-preferred