Enhancement #460
Updated by Pierre-Louis Bonicoli over 8 years ago
Checks:
* NULL, EXPORT, LOW, 3DES, aNULL must be disabled
* RC4 must be disabled
* SSLv2, SSLv3 must be disabled
* TLSv1.1, TLSv1.2 must be enabled
* PFS must be enabled
* SSL Compression must be disabled
Configuration updates needed:
* PostgreSQL (default conf used @HIGH:MEDIUM:+3DES:!aNULL@)
* Apache (@RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW@)
References:
* https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-cipher
* https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
* http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
* https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
* https://github.com/ioerror/duraconf
Tools:
* https://github.com/jvehent/tlsnames/blob/master/convert_openssl_to_gnutls.sh
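The cipher-related items of the checklist above can be checked mechanically against the output of @openssl ciphers -v '<cipher string>'@. The following is an added example, not part of the original issue: the sample lines are constructed, the function names are hypothetical, and treating suites of 64 bits or less as LOW is an assumption. Protocol versions and compression are not visible in a cipher list and are not covered.

```python
import re

# Constructed sample in the column layout printed by `openssl ciphers -v`.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
NULL-SHA256             TLSv1.2 Kx=RSA      Au=RSA  Enc=None      Mac=SHA256
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""

PFS_KX = {"ECDH", "DH", "any"}  # ephemeral key exchange as printed by openssl

def parse(line):
    """Split one `openssl ciphers -v` line into the fields the checks need."""
    tokens = line.split()
    fields = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
    enc, bits = re.fullmatch(r"([^()]+)(?:\((\d+)\))?", fields["Enc"]).groups()
    return {"name": tokens[0], "kx": fields["Kx"], "au": fields["Au"],
            "enc": enc, "bits": int(bits) if bits else 0,
            "export": "export" in tokens[2:]}

def violations(s):
    """Return the forbidden classes from the checklist that a suite falls into."""
    found = []
    if s["enc"] == "None":
        found.append("NULL")
    if s["au"] == "None":
        found.append("aNULL")
    if s["export"]:
        found.append("EXPORT")
    elif 0 < s["bits"] <= 64:  # assumption: <= 64-bit non-export counts as LOW
        found.append("LOW")
    if s["enc"] in ("3DES", "RC4"):
        found.append(s["enc"])
    return found

def audit(text):
    """Return ({suite: [violations]}, [clean suites offering PFS])."""
    suites = [parse(l) for l in text.splitlines() if l.strip()]
    bad = {s["name"]: violations(s) for s in suites if violations(s)}
    pfs = [s["name"] for s in suites if s["kx"] in PFS_KX and s["name"] not in bad]
    return bad, pfs

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty first result together with a non-empty second result means the cipher string passes the cipher and PFS items of the checklist.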