httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel <dferra...@gmail.com>
Subject Re: [users@httpd] RE: Enabling Forward secrecy on SSL
Date Thu, 30 Mar 2017 17:30:46 GMT
2017-03-30 14:07 GMT+02:00 Abernathy, Don <DAbernathy@mfs.com>:

> Most common way we did this was in the Virtual host directive for the SSL
> side of the site, was to declare what is and is not allowed.
>
> Plenty of docs on this out there but here is ours:
>
>
>

This is IBM HTTP Server not Apache HTTPD!


>
>
> SSLEnable
>
> SSLProtocolDisable SSLv2 SSLv3
>
> SSLCipherSpec ALL NONE
>
> SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
>
> SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
>
> SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
>
> SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
>
> SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
>
> SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
>
> SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
>
> SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
>
> SSLClientAuth 0
>
>
>
> *Don Abernathy *
>
> *Group Manager- Web Services*
>
> *T:* 617-954-4127 <(617)%20954-4127>
> MFS Investment Management
> 111 Huntington Ave, Boston, MA 02199
>
>
>


-- 
*Daniel Ferradal*
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Mime
View raw message