Web Server: OpenSSL Cipher Suite
From Resin 4.0 Wiki
(Difference between revisions)
(moved Resin Health System:Tracking And Reporting Anomolies to Resin Health System:Tracking And Reporting Anomalies: spelling) |
|||
| (7 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | {{WebServer}} {{Cookbook}} {{Security}} {{Config}} | |
| + | |||
| + | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block. | ||
| + | |||
| + | === conf/resin.xml === | ||
| + | |||
| + | <pre> | ||
| + | <resin xmlns="http://caucho.com/ns/resin"> | ||
| + | ... | ||
| + | <cluster id="web-tier"> | ||
| + | <server id="..."> | ||
| + | |||
| + | <http port="443"> | ||
| + | ... | ||
| + | <openssl> | ||
| + | <certificate-key-file>keys/your_domain.key</certificate-key-file> | ||
| + | <certificate-file>keys/your_domain.crt</certificate-file> | ||
| + | <certificate-chain-file>keys/chain.txt</certificate-chain-file> | ||
| + | <password>test123</password> | ||
| + | <cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite> | ||
| + | <protocol>-all +sslv3 +tlsv1</protocol> | ||
| + | </openssl> | ||
| + | </http> | ||
| + | |||
| + | </server> | ||
| + | |||
| + | ... | ||
| + | </pre> | ||
| + | |||
| + | Typically this is required for website PCI compliance. | ||
| + | |||
| + | Refer to the [http://caucho.com/resin-4.0/admin/security-ssl.xtp Resin SSL documentation] for more information. | ||
Latest revision as of 00:00, 28 January 2012
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block.
[edit] conf/resin.xml
<resin xmlns="http://caucho.com/ns/resin">
...
<cluster id="web-tier">
<server id="...">
<http port="443">
...
<openssl>
<certificate-key-file>keys/your_domain.key</certificate-key-file>
<certificate-file>keys/your_domain.crt</certificate-file>
<certificate-chain-file>keys/chain.txt</certificate-chain-file>
<password>test123</password>
<cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
<protocol>-all +sslv3 +tlsv1</protocol>
</openssl>
</http>
</server>
...
Typically this is required for website PCI compliance.
Refer to the Resin SSL documentation for more information.
