OpenSSL Cipher Suite
From Resin 3.0
(Difference between revisions)
| Line 1: | Line 1: | ||
| + | [[Category: Config]] [[Category: Security]] | ||
| + | |||
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block. | Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block. | ||
Latest revision as of 21:18, 9 December 2011
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block.
<http port="443">
...
<openssl>
<certificate-key-file>keys/your_domain.key</certificate-key-file>
<certificate-file>keys/your_domain.crt</certificate-file>
<certificate-chain-file>keys/chain.txt</certificate-chain-file>
<password>test123</password>
<cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
<protocol>-all +sslv3 +tlsv1</protocol>
</openssl>
</http>
Typically this is required for website PCI compliance.
Refer to [Resin SSL documentation] for more information.
