Web Server: OpenSSL Cipher Suite
From Resin 4.0 Wiki
(Difference between revisions)
Revision as of 00:00, 27 January 2012
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block.
conf/resin.xml
<resin xmlns="http://caucho.com/ns/resin"> ... <cluster id="web-tier"> <server id="..."> <http port="443"> ... <openssl> <certificate-key-file>keys/your_domain.key</certificate-key-file> <certificate-file>keys/your_domain.crt</certificate-file> <certificate-chain-file>keys/chain.txt</certificate-chain-file> <password>test123</password> <cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite> <protocol>-all +sslv3 +tlsv1</protocol> </openssl> </http> </server> ...
Typically this is required for website PCI compliance.
Refer to the Resin SSL documentation for more information.