Web Server: OpenSSL Cipher Suite
From Resin 4.0 Wiki
(Difference between revisions)
(2 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | {{WebServer}} {{Cookbook}} {{Security}} | + | {{WebServer}} {{Cookbook}} {{Security}} {{Config}} |
− | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block. | + | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block. |
+ | |||
+ | === conf/resin.xml === | ||
<pre> | <pre> | ||
+ | <resin xmlns="http://caucho.com/ns/resin"> | ||
+ | ... | ||
+ | <cluster id="web-tier"> | ||
+ | <server id="..."> | ||
+ | |||
<http port="443"> | <http port="443"> | ||
... | ... | ||
Line 15: | Line 22: | ||
</openssl> | </openssl> | ||
</http> | </http> | ||
+ | |||
+ | </server> | ||
+ | |||
+ | ... | ||
</pre> | </pre> | ||
Latest revision as of 00:00, 28 January 2012
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in the Resin application server configuration file, resin.xml, in the <openssl> block.
[edit] conf/resin.xml
<resin xmlns="http://caucho.com/ns/resin"> ... <cluster id="web-tier"> <server id="..."> <http port="443"> ... <openssl> <certificate-key-file>keys/your_domain.key</certificate-key-file> <certificate-file>keys/your_domain.crt</certificate-file> <certificate-chain-file>keys/chain.txt</certificate-chain-file> <password>test123</password> <cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite> <protocol>-all +sslv3 +tlsv1</protocol> </openssl> </http> </server> ...
Typically this is required for website PCI compliance.
Refer to the Resin SSL documentation for more information.