@ashikawa
Created October 29, 2012 11:14
Apache SSL - CipherSuite configuration


Mapping between OpenSSL and RFC CipherSuite names

$ man ciphers
(omitted)
   TLS v1.0 cipher suites.
        TLS_RSA_WITH_NULL_MD5                   NULL-MD5
        TLS_RSA_WITH_NULL_SHA                   NULL-SHA
        TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5

Connection check

$ openssl s_client -connect 192.168.xx.xxx:443 -cipher [CipherSuite]

How to check the Apache configuration

$ openssl ciphers -v 'ALL' | sort
$ openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' | sort

Reference: SSLCipherSuite Directive

Configuration guide

Recommended exclusions

  • MD5 as the MAC digest algorithm
  • Key lengths of 56 bit and 64 bit (LOW)
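
The following is an added example, not part of the original gist: a shell function that reads `openssl ciphers -v` output and flags suites matching the two exclusions above. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original gist).
# flag_weak: read lines in `openssl ciphers -v` format on stdin and print
# "<suite> <reason>[,<reason>]" for every suite that uses an MD5 MAC or a
# 56/64-bit encryption key, the two exclusions listed in the guide.
flag_weak() {
    awk '
    {
        reasons = ""
        for (i = 2; i <= NF; i++) {
            # Enc=DES(56): the key length is the number in parentheses
            if ($i ~ /^Enc=.*\((56|64)\)$/)
                reasons = reasons (reasons == "" ? "" : ",") "short-key"
            if ($i == "Mac=MD5")
                reasons = reasons (reasons == "" ? "" : ",") "md5-mac"
        }
        if (reasons != "") print $1, reasons
    }'
}

# Constructed sample input in the column layout of `openssl ciphers -v`,
# so the example runs without a particular OpenSSL build.
sample_ciphers() {
    cat <<'EOF'
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
EOF
}

sample_ciphers | flag_weak

# Against a real cipher string, e.g. the one shown earlier on this page:
#   openssl ciphers -v 'ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' | flag_weak
```

Empty output means none of the suites selected by the cipher string match the listed exclusions.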

References
http://www.atmarkit.co.jp/fnetwork/rensai/cell05/ssl2.html
https://www.verisign.co.jp/welcome/pdf/wp_code_algorithm.pdf

@ashikawa
Author

I also found a site for checking this.
https://www.ssllabs.com/ssltest/index.html
