Restricting Apache SSL Cipher Suites

To disable the insecure RC4 cipher suites and the SSLv2/SSLv3 protocols, so that POODLE and similar attacks no longer work, the following settings must be adjusted in the Apache web server's mod_ssl configuration:

nano /etc/apache2/mods-enabled/ssl.conf

Comment out the existing “SSLCipherSuite” entry and change the settings as follows:

#Secure SSL
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

The result can be tested with SSL Labs.

Before: grade C

After: grade A
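
As an added example that is not part of the original post, the settings above can also be checked locally with a small shell audit of the active directives in an ssl.conf file. The function names and the commented-out old entry in the demo file are made up for illustration, and the check works on the directive strings only.

```shell
# Added example (not from the original post): string-level audit of the active
# mod_ssl directives. OpenSSL aliases such as HIGH or MEDIUM are not expanded.
# Print the arguments of the last active (not commented-out) directive $1 in file $2.
last_directive() {
    awk -v d="$1" '/^[ \t]*#/ { next }
        tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { print v }' "$2"
}

# Succeed if protocol $1 (lower case) is still enabled by SSLProtocol arguments $2.
proto_enabled() {
    on=0
    for tok in $(printf '%s' "$2" | tr 'A-Z' 'a-z'); do
        case $tok in all|+all|"$1"|+"$1") on=1 ;; -all|-"$1") on=0 ;; esac
    done
    [ "$on" -eq 1 ]
}

# Return 0 if file $1 matches the settings from the post, 1 otherwise.
audit_ssl_conf() {
    rc=0
    proto=$(last_directive SSLProtocol "$1")
    order=$(last_directive SSLHonorCipherOrder "$1" | tr 'A-Z' 'a-z')
    suite=$(last_directive SSLCipherSuite "$1")
    [ -n "$proto" ] && [ -n "$suite" ] || { echo "FAIL: directive missing"; rc=1; }
    for p in sslv2 sslv3; do
        if proto_enabled "$p" "$proto"; then echo "FAIL: $p still enabled"; rc=1; fi
    done
    [ "$order" = on ] || { echo "FAIL: SSLHonorCipherOrder is not on"; rc=1; }
    old_ifs=$IFS; IFS=:
    for tok in $suite; do
        case $tok in
            '!'*|-*) ;;   # exclusions are fine
            *RC4*|*aNULL*|*MD5*) echo "FAIL: cipher string enables $tok"; rc=1 ;;
        esac
    done
    IFS=$old_ifs; return $rc
}

# Demo on a constructed file: a made-up old entry is commented out, the post's settings are active.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#SSLCipherSuite RC4-SHA:HIGH
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
EOF
audit_ssl_conf "$demo" && echo "OK: settings match"
rm -f "$demo"
```

After editing, the same function can be pointed at the real file: `audit_ssl_conf /etc/apache2/mods-enabled/ssl.conf`.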
