Disable the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol such as TLSv1.2.
The following openssl commands can be used to do a manual test:
openssl s_client -connect ip:port -tls1
If the test is successful, then the target support TLSv1
[root@test ~]# grep SSLProtocol /etc/httpd/conf.modules.d/ssl.conf
# SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol TLSv1.2
[root@test ~]#
The following openssl commands can be used to do a manual test:
openssl s_client -connect ip:port -tls1
If the test is successful, then the target support TLSv1
[root@test ~]# grep SSLProtocol /etc/httpd/conf.modules.d/ssl.conf
# SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol TLSv1.2
[root@test ~]#
No comments:
Post a Comment