[TriLUG] TLSv1 from Apache + mod_ssl?
Brian Henning
Brian.Henning at datadirect.com
Thu Aug 6 12:41:57 EDT 2009
Hi Gang,

I've been trying to secure the business area of my web server in a way
that Opera likes. Opera issues warnings if SSLv3 is used as the
protocol, calling it "outdated" and "insecure." (Neither Chrome nor IE
balk at this...)

At any rate, I compared my site's SSL settings to a site that doesn't
make Opera whine; namely, my personal banking site. The only difference
is protocol:

Banking site: TLS v1.0 128 bit ARC4 (1024 bit RSA/SHA)
My site: SSL v3.0 128 bit ARC4 (1024 bit RSA/SHA)

So, questions:

1) Do I need to worry? and if so...
2) How do I get Apache to talk in TLSv1? Here's my SSLProtocol
directive:

SSLProtocol -all +SSLv3 +TLSv1

If I leave out +SSLv3 (just have -all +TLSv1), IE and Chrome still claim
it's secure, but Opera won't even connect:

Secure connection: fatal error (40) from server. [...] Please note that
some encryption methods are no longer supported, and that access will
not be possible until the Web site has been upgraded to use strong
encryption.

Versions:
Opera: 9.62
httpd: 2.2.3-22
mod_ssl:
----------------
Brian A. Henning
DataDirect
Support Engineer
888-332-6797
----------------
Find answers in our new knowledgebase:
http://knowledgebase.datadirect.com
Download patches and manage support cases online:
http://www.datadirect.com/support/troubleshooting/reportacase/index.ssp
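
One way to check which protocols an SSLProtocol line leaves enabled, shown here as an added example that is not part of the original post. It assumes httpd 2.2 semantics, where "all" stands for SSLv2, SSLv3 and TLSv1 and a token without +/- replaces the set built so far; the function names are hypothetical.

```python
# Added example, not from the original post. Evaluates a mod_ssl SSLProtocol
# directive left to right and reports which protocols end up enabled.
# Assumptions: httpd 2.2 semantics ("all" = SSLv2 + SSLv3 + TLSv1) and that a
# token without a +/- prefix replaces the set built so far.

KNOWN = ("SSLv2", "SSLv3", "TLSv1")
LEGACY = {"SSLv2", "SSLv3"}  # the versions the post's browser warning concerns


def enabled_protocols(directive):
    """Return the set of protocol names the directive leaves enabled."""
    tokens = directive.split()
    if tokens and tokens[0].lower() == "sslprotocol":
        tokens = tokens[1:]  # accept the line with or without the keyword
    if not tokens:
        raise ValueError("SSLProtocol needs at least one argument")
    enabled = set()
    for tok in tokens:
        sign = tok[0] if tok[0] in "+-" else ""
        name = tok[len(sign):].lower()
        if name == "all":
            group = set(KNOWN)
        else:
            group = {p for p in KNOWN if p.lower() == name}
            if not group:
                raise ValueError(f"unknown protocol: {tok!r}")
        if sign == "+":
            enabled |= group
        elif sign == "-":
            enabled -= group
        else:
            enabled = group  # bare name: start over from this value
    return enabled


def audit(directive):
    """Summarise a directive: what is enabled and whether legacy SSL remains."""
    enabled = enabled_protocols(directive)
    legacy = enabled & LEGACY
    return {"enabled": sorted(enabled), "legacy": sorted(legacy),
            "tls_only": bool(enabled) and not legacy}


if __name__ == "__main__":
    for line in ("SSLProtocol -all +SSLv3 +TLSv1",  # directive from the post
                 "SSLProtocol -all +TLSv1",         # variant from the post
                 "SSLProtocol all -SSLv2"):         # constructed sample
        print(line, "->", audit(line))
```

This only evaluates the configuration text; the protocol a given client actually negotiates still has to be confirmed against the running server.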