TOMCAT The configuration file for Tomcat should be in: This tells NGINX to only enable the TLS 1.2 protocol. In your configuration file(s), find the entry for "ssl_protocols" and modify it to match the following: It may also be in individual server block configurations in: The global NGINX configuration file is located in: NGINX NGINX may also be configured in multiple places.
The last step is to restart the Apache service: This tells Apache to enable all protocols, but disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1. SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
In your configuration file(s), find the entry "SSLProtocol" and modify it to look like: On Red Hat / CentOS based systems: /etc/httpd/sites-enabled/ On Debian / Ubuntu based systems: /etc/apache2/sites-enabled/ If it is configured in a virtual host, the configuration files will generally be: On Red Hat / CentOS based systems: /etc/httpd/conf/nf On Debian / Ubuntu based systems: /etc/apache2/nf The default Apache configuration file can be found: Disabling SSLv2, SSLv3, TLSv1, and TLSv1.1ĭepending on your configuration, this may need to be changed in multiple locations. For this reason, you should disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1 in your server configuration, leaving only TLS protocols 1.2 and 1.3 enabled. Over the years vulnerabilities have been and continue to be discovered in the deprecated SSL and TLS protocols.
This is also where a server will provide its digital certificate to a connecting client. During this handshake the client and server will work out what mutual ciphers and hash algorithms are supported. A "handshake" is done at the start of a TLS or SSL connection. Introduction Secure Socket Layer (SSL) and Transport Layer Security (TLS) are both cryptographic protocols providing communication security over a network for example a client connecting to a web server.
0 kommentar(er)
