How to dial up encryption so high in Apache that it breaks IE and Chrome


So you want to require strong encryption in Apache's httpd 2.0? So strong that Firefox is the only browser that can connect?
In /etc/httpd/conf.d/ssl.conf, edit the two lines as below:
SSLProtocol TLSv1
SSLCipherSuite HIGH
Then go to /etc/httpd/conf/httpd.conf and edit your <Directory> </Directory> block to include the following line:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
Then run
apachectl configtest
to check for typos.
Finally, restart httpd:
/etc/rc.d/init.d/httpd restart

What this does is make browsers negotiate TLSv1 with DHE-RSA-CAMELLIA256-SHA only.

You can then watch your SSL handshakes fail from IE and Chrome. If you want to require strong encryption across browsers, edit ssl.conf to look like this:

SSLProtocol TLSv1
SSLCipherSuite AES256-SHA

Then you'll have reasonably strong encryption.
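To see which suites the first configuration leaves usable, the sketch below expands a cipher string with the local OpenSSL build and applies the same 256-bit cut as the SSLRequire line. It is an added example, not part of the original post; the function names and SAMPLE data are made up for illustration, and treating Python's strength_bits field as the counterpart of SSL_CIPHER_USEKEYSIZE is an assumption.

```python
import ssl


def openssl_suites(cipher_string):
    """Expand an SSLCipherSuite-style string using the local OpenSSL build.

    Returns the list of dicts produced by SSLContext.get_ciphers(). On current
    OpenSSL builds the list also contains TLS 1.3 suites, which set_ciphers()
    does not control.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def split_by_keysize(suites, min_bits=256):
    """Partition suites the way a key size floor of min_bits would.

    Assumption: 'strength_bits' plays the role of SSL_CIPHER_USEKEYSIZE.
    """
    allowed = [s["name"] for s in suites if s["strength_bits"] >= min_bits]
    refused = [s["name"] for s in suites if s["strength_bits"] < min_bits]
    return allowed, refused


# Constructed sample in the shape get_ciphers() returns (only the two keys
# used here), so the filter can be checked without depending on the local build.
SAMPLE = [
    {"name": "DHE-RSA-CAMELLIA256-SHA", "strength_bits": 256},
    {"name": "AES256-SHA", "strength_bits": 256},
    {"name": "AES128-SHA", "strength_bits": 128},
    {"name": "CAMELLIA128-SHA", "strength_bits": 128},
]

if __name__ == "__main__":
    allowed, refused = split_by_keysize(openssl_suites("HIGH"))
    print("HIGH suites that meet the 256-bit requirement:")
    for name in allowed:
        print("  " + name)
    print("HIGH suites the requirement turns away:")
    for name in refused:
        print("  " + name)
```

A client whose cipher list has no entry in the first group cannot satisfy the key size requirement, whatever else it negotiates from HIGH.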


About this Entry

This page contains a single entry by Larry published on June 4, 2010 4:14 PM.
