OpenSSL Cipher Suite
From Resin 3.0
(Difference between revisions)
| Line 15: | Line 15: | ||
</pre> | </pre> | ||
| − | Typically this is | + | Typically this is required for website PCI compliance. |
Refer to [[http://caucho.com/resin-4.0/admin/security-ssl.xtp Resin SSL documentation]] for more information. | Refer to [[http://caucho.com/resin-4.0/admin/security-ssl.xtp Resin SSL documentation]] for more information. | ||
Revision as of 21:17, 9 December 2011
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block.
<http port="443">
...
<openssl>
<certificate-key-file>keys/your_domain.key</certificate-key-file>
<certificate-file>keys/your_domain.crt</certificate-file>
<certificate-chain-file>keys/chain.txt</certificate-chain-file>
<password>test123</password>
<cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
<protocol>-all +sslv3 +tlsv1</protocol>
</openssl>
</http>
Typically this is required for website PCI compliance.
Refer to [Resin SSL documentation] for more information.
