Actions
Enhancement #460
closedSSL/TLS: check ciphers
Start date:
2015-07-09
Due date:
% Done:
100%
Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Yes
Help Needed:
Description
Checks:
- NULL,EXPORT,LOW,3DES,aNULL must be disabled
- RC4 must be disabled
- SSLv2,SSLv3 must be disabled
- TLSv1.1,TLSv1.2 must be enabled
- PFS must be enabled
- SSL Compression must be disabled
- Postgresql (default conf used
HIGH:MEDIUM:+3DES:!aNULL
) - Apache (
RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
)
- References
- https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher
- https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
- http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
- https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
- https://github.com/ioerror/duraconf
- Tools:
Actions