OpenSSL Cipher Suite
From Resin 3.0
(Difference between revisions)
(New page: Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl>block. <pre> <http port="443"> ... <openssl> <certificate-key-file>keys/...) |
|||
| (2 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl>block. | + | [[Category: Config]] [[Category: Security]] |
| + | |||
| + | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block. | ||
<pre> | <pre> | ||
| Line 15: | Line 17: | ||
</pre> | </pre> | ||
| − | Typically this is | + | Typically this is required for website PCI compliance. |
Refer to [[http://caucho.com/resin-4.0/admin/security-ssl.xtp Resin SSL documentation]] for more information. | Refer to [[http://caucho.com/resin-4.0/admin/security-ssl.xtp Resin SSL documentation]] for more information. | ||
Latest revision as of 21:18, 9 December 2011
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block.
<http port="443">
...
<openssl>
<certificate-key-file>keys/your_domain.key</certificate-key-file>
<certificate-file>keys/your_domain.crt</certificate-file>
<certificate-chain-file>keys/chain.txt</certificate-chain-file>
<password>test123</password>
<cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
<protocol>-all +sslv3 +tlsv1</protocol>
</openssl>
</http>
Typically this is required for website PCI compliance.
Refer to [Resin SSL documentation] for more information.
