Web Server: OpenSSL Cipher Suite
From Resin 4.0 Wiki
(Difference between revisions)
(moved Resin Health System:Tracking And Reporting Anomolies to Resin Health System:Tracking And Reporting Anomalies: spelling) |
|||
(7 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | {{WebServer}} {{Cookbook}} {{Security}} {{Config}} | |
+ | |||
+ | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block. | ||
+ | |||
+ | === conf/resin.xml === | ||
+ | |||
+ | <pre> | ||
+ | <resin xmlns="http://caucho.com/ns/resin"> | ||
+ | ... | ||
+ | <cluster id="web-tier"> | ||
+ | <server id="..."> | ||
+ | |||
+ | <http port="443"> | ||
+ | ... | ||
+ | <openssl> | ||
+ | <certificate-key-file>keys/your_domain.key</certificate-key-file> | ||
+ | <certificate-file>keys/your_domain.crt</certificate-file> | ||
+ | <certificate-chain-file>keys/chain.txt</certificate-chain-file> | ||
+ | <password>test123</password> | ||
+ | <cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite> | ||
+ | <protocol>-all +sslv3 +tlsv1</protocol> | ||
+ | </openssl> | ||
+ | </http> | ||
+ | |||
+ | </server> | ||
+ | |||
+ | ... | ||
+ | </pre> | ||
+ | |||
+ | Typically this is required for website PCI compliance. | ||
+ | |||
+ | Refer to the [http://caucho.com/resin-4.0/admin/security-ssl.xtp Resin SSL documentation] for more information. |
Latest revision as of 00:00, 28 January 2012
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block.
conf/resin.xml
<resin xmlns="http://caucho.com/ns/resin"> ... <cluster id="web-tier"> <server id="..."> <http port="443"> ... <openssl> <certificate-key-file>keys/your_domain.key</certificate-key-file> <certificate-file>keys/your_domain.crt</certificate-file> <certificate-chain-file>keys/chain.txt</certificate-chain-file> <password>test123</password> <cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite> <protocol>-all +sslv3 +tlsv1</protocol> </openssl> </http> </server> ...
Typically this is required for website PCI compliance.
Refer to the Resin SSL documentation for more information.