OpenSSL Cipher Suite

From Resin 3.0

(Difference between revisions)
Jump to: navigation, search
(New page: Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl>block. <pre> <http port="443"> ... <openssl> <certificate-key-file>keys/...)
 
Line 1: Line 1:
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl>block.
+
Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block.
  
 
<pre>
 
<pre>

Revision as of 21:17, 9 December 2011

Modifying OpenSSL to specify allowed cipher suites and protocols can be done in resin.xml, in the <openssl> block.

<http port="443">
  ...
  <openssl>
    <certificate-key-file>keys/your_domain.key</certificate-key-file>
    <certificate-file>keys/your_domain.crt</certificate-file>        
    <certificate-chain-file>keys/chain.txt</certificate-chain-file>
    <password>test123</password>
    <cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
    <protocol>-all +sslv3 +tlsv1</protocol>   
  </openssl>
</http>

Typically this is requires for webserver PCI compliance.

Refer to [Resin SSL documentation] for more information.

Personal tools