Hello,
As some of you might know, I have a domain. I've signed up for a free account with a security scanning website and they scan my site and find problems. So far, I have 12 low risk security issues and I'd like help to harden the system a bit. Right now, I'm concentrating on the SSL cipher list. I don't know much about SSL and the ciphers. I'm going to post what ciphers my server currently supports and I'm hoping, if there's any that should be removed, maybe someone could let me know? Anyway, here it is:

Code:
This test detects which SSL ciphers are supported by remote service for encrypting communications.

Here is the list of SSL ciphers supported by the remote server:

- High Strength Ciphers (>= 112-bit key)
  * TLSv1 - DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
  * TLSv1 - DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
  * TLSv1 - n/a Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
  * TLSv1 - n/a Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
  * TLSv1 - n/a Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
  * TLSv1 - n/a Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
  * TLSv1 - DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
  * TLSv1 - AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
  * TLSv1 - AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
  * TLSv1 - n/a Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
  * TLSv1 - n/a Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1

The fields above are:
  * {OpenSSL ciphername}
  * Kx={key exchange}
  * Au={authentication}
  * Enc={symmetric encryption method}
  * Mac={message authentication code}
  * {export flag}

Another test shows a bunch of info and then at the bottom, it shows:

Code:
This SSLv2 server does not accept SSLv3 connections.
This SSLv2 server also accepts TLSv1 connections.

Should I have SSLv2 disabled and only accept SSLv3 connections? And is TLSv1 good? Thank you!
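An added example, not part of the original post or the scanner's own tooling: a small Python parser for the cipher lines in the report above, using the field layout the report documents (Kx, Au, Enc, Mac). The flagging policy in `review()` is this example's assumption, not the scanner's verdict, and it names a few legacy ciphers that do not appear in this scan.

```python
import re

# Cipher lines copied from the scan report in the post above.
SCAN = """
* TLSv1 - DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
* TLSv1 - DHE-RSA-AES256-SHA Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
* TLSv1 - n/a Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
* TLSv1 - n/a Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
* TLSv1 - n/a Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
* TLSv1 - n/a Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
* TLSv1 - DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
* TLSv1 - AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
* TLSv1 - AES256-SHA Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
* TLSv1 - n/a Kx=RSA Au=RSA Enc=Camellia(128) Mac=SHA1
* TLSv1 - n/a Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
"""

# One entry: "<protocol> - <name> Kx=.. Au=.. Enc=<cipher>(<bits>) Mac=.."
ENTRY = re.compile(
    r"(?P<proto>\S+) - (?P<name>\S+) Kx=(?P<kx>\S+) Au=(?P<au>\S+) "
    r"Enc=(?P<enc>[\w-]+)\((?P<bits>\d+)\) Mac=(?P<mac>\S+)")

LEGACY = {"3DES", "DES", "RC4", "RC2"}  # assumed policy, not from the scanner

def parse(text):
    """Return one dict per cipher entry; also works if the report is on one line."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def review(suite):
    """Return the reasons (possibly none) to disable or deprioritise a suite."""
    reasons = []
    if suite["proto"] == "SSLv2":
        reasons.append("SSLv2 protocol")
    if suite["enc"] in LEGACY or int(suite["bits"]) < 128:
        reasons.append("legacy cipher: " + suite["enc"])
    if suite["kx"] == "RSA":
        reasons.append("no forward secrecy (static RSA key exchange)")
    return reasons

def report(text):
    """Map 'Kx/Enc(bits)' to its list of reasons, since some names are n/a."""
    return {f'{s["kx"]}/{s["enc"]}({s["bits"]})': review(s) for s in parse(text)}

if __name__ == "__main__":
    for label, reasons in report(SCAN).items():
        print(f"{label:22} {'; '.join(reasons) or 'ok'}")
```
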