Enhancement #460

Updated by Pierre-Louis Bonicoli over 8 years ago

Checks: 
 * NULL,EXPORT,LOW,3DES,aNULL must be disabled 
 * RC4 must be disabled 
 * SSLv2,SSLv3 must be disabled 
 * TLSv1.1,TLSv1.2 must be enabled 
 * PFS must be enabled 
 * SSL Compression must be disabled 

 Configuration updates needed: 
 * PostgreSQL (default conf used @HIGH:MEDIUM:+3DES:!aNULL@) 
 * Apache (@RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW@) 

 * References: 
 ** https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher 
 ** https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ 
 ** http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html 
 ** https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations 
 ** https://github.com/ioerror/duraconf 
 * Tools: 
 ** https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh
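
The cipher-level checks above (NULL, EXPORT, LOW, 3DES, aNULL, RC4, PFS) can be run against the listing that @openssl ciphers -v@ prints for a cipher string. The following is an added example, not code from this ticket or project; the function names and the sample listing are constructed for illustration, and protocol versions and compression are outside what it checks.

```python
import re

# Constructed sample in `openssl ciphers -v` layout; not captured from a real host.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
"""

# Kx values that give forward secrecy: ephemeral ECDH/DH, or "any" (TLSv1.3 suites).
# Static key exchange is listed as e.g. "ECDH/RSA" or "RSA" and is not in this set.
PFS_KX = {"ECDH", "DH", "any"}

def audit_line(line):
    """Return the checklist items that one `openssl ciphers -v` line violates."""
    fields = line.split()
    attrs = dict(f.split("=", 1) for f in fields if "=" in f)
    alg, bits = re.fullmatch(r"([^(]+)(?:\((\d+)\))?", attrs["Enc"]).groups()
    bits = int(bits or 0)                    # Enc=None carries no key size
    export = "export" in fields[2:]          # trailing flag on export suites
    kx = attrs["Kx"].split("(")[0]           # "RSA(512)" -> "RSA"
    checks = [
        ("NULL", alg == "None"),
        ("EXPORT", export),
        ("LOW", 0 < bits <= 64 and not export),
        ("3DES", alg == "3DES"),
        ("RC4", alg == "RC4"),
        ("aNULL", attrs["Au"] == "None"),
        ("no-PFS", kx not in PFS_KX),
    ]
    return [label for label, failed in checks if failed]

def audit(listing):
    """Map each offending cipher name to its violations; compliant suites are omitted."""
    report = {}
    for line in listing.splitlines():
        if line.strip():
            problems = audit_line(line)
            if problems:
                report[line.split()[0]] = problems
    return report

if __name__ == "__main__":
    for name, problems in audit(SAMPLE).items():
        print(f"{name}: {', '.join(problems)}")
```

An empty result from @audit()@ means every suite in the listing passes the cipher-level checks; the protocol column in the listing is the version that introduced the suite, so it cannot be used for the SSLv2/SSLv3 check.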