Web Server: OpenSSL Cipher Suite
From Resin 4.0 Wiki
(Difference between revisions)
| (2 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
{{WebServer}} {{Cookbook}} {{Security}} {{Config}} | {{WebServer}} {{Cookbook}} {{Security}} {{Config}} | ||
| − | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block. | + | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block. |
| + | |||
| + | === conf/resin.xml === | ||
<pre> | <pre> | ||
| + | <resin xmlns="http://caucho.com/ns/resin"> | ||
| + | ... | ||
| + | <cluster id="web-tier"> | ||
| + | <server id="..."> | ||
| + | |||
<http port="443"> | <http port="443"> | ||
... | ... | ||
| Line 15: | Line 22: | ||
</openssl> | </openssl> | ||
</http> | </http> | ||
| + | |||
| + | </server> | ||
| + | |||
| + | ... | ||
</pre> | </pre> | ||
Latest revision as of 00:00, 28 January 2012
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block.
conf/resin.xml
<resin xmlns="http://caucho.com/ns/resin">
...
<cluster id="web-tier">
<server id="...">
<http port="443">
...
<openssl>
<certificate-key-file>keys/your_domain.key</certificate-key-file>
<certificate-file>keys/your_domain.crt</certificate-file>
<certificate-chain-file>keys/chain.txt</certificate-chain-file>
<password>test123</password>
<cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
<protocol>-all +sslv3 +tlsv1</protocol>
</openssl>
</http>
</server>
...
Typically this is required for website PCI compliance.
Refer to the Resin SSL documentation for more information.
