Security: June 2010 Archives

How to dial up encryption so high in Apache that it breaks IE and Chrome

By
Larry
on June 4, 2010 4:14 PM | | Comments (1) | TrackBacks (0)

So you want to require strong encryption in Apache's httpd 2.0? So strong that Firefox is the only browser that can connect?
In /etc/httpd/conf.d/ssl.conf, edit the two lines as below:
SSLProtocol TLSv1
SSLCipherSuite HIGH
Then go to
/etc/httpd/conf/httpd.conf and edit your 

<Directory> </Directory>
to include the following line:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 256
Then
apachectl configtest
to check for typos.
Finally
/etc/rc.d/init.d/httpd restart

What this does is make browsers do
TLSv1 DHE-RSA-CAMELLIA256-SHA only.

You can then watch your SSL handshakes fail from IE and Chrome. If you want to require strong encryption across browsers, edit ssl.conf to look like this:

SSLProtocol TLSv1
SSLCipherSuite AES256-SHA

Then you'll have reasonably strong encryption.

« Security: October 2009 | Main Index | Archives | Security: November 2010 »

Search

About this Archive

This page is a archive of entries in the Security category from June 2010.

Security: October 2009 is the previous archive.

Security: November 2010 is the next archive.

Find recent content on the main index or look in the archives to find all content.