Confirmed users
502
edits
Security/Server Side TLS: Difference between revisions
→Citrix Netscaler: fixed the apache section, added dh param note
Gdestuynder (talk | contribs) (→Citrix Netscaler: fixed the apache section, added dh param note) |
|||
| Line 292: | Line 292: | ||
1) Cipher Name: MozillaDefault | 1) Cipher Name: MozillaDefault | ||
Description: User Created Cipher Group | Description: User Created Cipher Group | ||
<pre> | </pre> | ||
== Apache == | == Apache == | ||
Apache + mod_ssl is suitable for SSL termination. Only Apache 2.4+ & recent versions of OpenSSL support TLSv1.1 and TLSv1.2 in the SSLProtocol parameter. Also, only Apache 2.4 honors the SSLCipherSuit correctly. Make sure to test your setup before deploying. | Apache + mod_ssl is suitable for SSL termination. Only Apache 2.4+ & recent versions of OpenSSL support TLSv1.1 and TLSv1.2 in the SSLProtocol parameter. Also, only Apache 2.4 honors the SSLCipherSuit correctly. Make sure to test your setup before deploying. | ||
Note that, As of Apache 2.4.6, the DH parameter is always set to 1024 bits and is not user configurable. Future versions of Apache will automatically select a better value for the DH parameter. | |||
<pre> | <pre> | ||
<VirtualHost *:443> | <VirtualHost *:443> | ||