By: Rao Bhamidipati user 17 Dec 2015 at 12:21 p.m. CST

1 Response

Since TLS1.0 has been reported to have security issues, please standardize on TLS1.1 and TLS1.2 ONLY as defaults, so that it is more secure overall and makes necessary changes to the SHA key? We modified the https_gluu.conf to support using TLS1.1 and TLS1.2 picking up an SHA key from an unrelated site. Gluu team should perhaps look at what the correct course here should be. #SSLProtocol -ALL +TLSv1 SSLProtocol -ALL +TLSv1.1 +TLSv1.2 SSLHonorCipherOrder On SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" #SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH:EDH+aRSA:HIGH:!MEDIUM

None

closed

By Mohib Zico staff 17 Dec 2015 at 12:39 p.m. CST

Copy

That's added in 2.4.0. Please use latest version.

You need to Login in order to post an answer

Make TLS 1.1 and 1.2 the default

By: Rao Bhamidipati user 17 Dec 2015 at 12:21 p.m. CST

Answers

By Mohib Zico staff 17 Dec 2015 at 12:39 p.m. CST

Post an answer