2017-03-30 14:07 GMT+02:00 Abernathy, Don <DAbernathy@mfs.com>:

The most common way we did this was, in the VirtualHost directive for the SSL side of the site, to declare what is and is not allowed.

Plenty of docs on this out there but here is ours:

This is IBM HTTP Server, not Apache HTTPD!

SSLEnable
SSLProtocolDisable SSLv2 SSLv3
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
SSLClientAuth 0

Don Abernathy

Group Manager- Web Services

T: 617-954-4127
MFS Investment Management
111 Huntington Ave, Boston, MA 02199

--
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
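
An added example, not part of either message and not IBM's tooling: a small audit script that reads the SSLProtocolDisable and SSLCipherSpec lines quoted above and reports which enabled suites use static RSA key exchange or CBC mode. It handles only the two-argument directive forms shown in the message, and the way it treats "NONE" is an assumption noted in the code.

```python
# Constructed input: the directives quoted in the message above.
SAMPLE_CONF = """\
SSLEnable
SSLProtocolDisable SSLv2 SSLv3
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384
SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256
SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256
SSLClientAuth 0
"""

def audit(conf_text):
    """Return (enabled, findings); handles only the directive forms shown above."""
    enabled, disabled, findings = [], set(), []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(parts) < 2:
            continue
        name, args = parts[0].lower(), parts[1:]
        if name == "sslprotocoldisable":
            disabled.update(args)
        elif name == "sslcipherspec" and len(args) == 2:
            proto, spec = args
            if spec.upper() == "NONE":
                # Assumption: "<proto> NONE" clears that protocol's list; ALL clears everything.
                enabled = [e for e in enabled if proto != "ALL" and e[0] != proto]
            else:
                enabled.append((proto, spec))
    for legacy in ("SSLv2", "SSLv3"):
        if legacy not in disabled:
            findings.append(f"{legacy} is not listed in SSLProtocolDisable")
    for _proto, cipher in enabled:
        if cipher.startswith("TLS_RSA_"):
            findings.append(f"{cipher}: static RSA key exchange, no forward secrecy")
        if "_CBC_" in cipher:
            findings.append(f"{cipher}: CBC mode rather than an AEAD mode")
    return enabled, findings

if __name__ == "__main__":
    enabled, findings = audit(SAMPLE_CONF)
    print(f"{len(enabled)} cipher suites enabled")
    for line in findings:
        print(" -", line)
```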