By: Rao Bhamidipati user 17 Dec 2015 at 12:21 p.m. CST

1 Response
Rao Bhamidipati gravatar
Since TLS1.0 has been reported to have security issues, please standardize on TLS1.1 and TLS1.2 ONLY as defaults, so that it is more secure overall and makes necessary changes to the SHA key? We modified the https_gluu.conf to support using TLS1.1 and TLS1.2 picking up an SHA key from an unrelated site. Gluu team should perhaps look at what the correct course here should be. #SSLProtocol -ALL +TLSv1 SSLProtocol -ALL +TLSv1.1 +TLSv1.2 SSLHonorCipherOrder On SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \ EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \ EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" #SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+SHA384:EECDH:EDH+aRSA:HIGH:!MEDIUM

By Mohib Zico staff 17 Dec 2015 at 12:39 p.m. CST

Mohib Zico gravatar
That's added in 2.4.0. Please use latest version.