Welcome to our Secure Development Tips blog

Every other week, we provide expert tech tips on how to build and deploy secure applications. These best practices, derived from Security Innovation’s assessments of the world’s most dominant software applications, are taken directly from our TeamMentor product, which includes more than 3,500 guidance assets and articles on secure software design, coding and testing.


Use Only Strong SSL Algorithms

  
  

Applies to

  • Apache

What to Do

Configure Apache to use only strong SSL algorithms.

Why

Using strong encryption algorithms with SSL helps reduce the risk of successful eavesdropping attacks and helps with regulatory compliance.

How

To use only strong SSL algorithms, edit the httpd.conf file to include the following settings:

SSLProtocol -all +TLSv1
SSLCipherSuite HIGH:!aNULL:!SSLv2:!MD5:@STRENGTH
SSLHonorCipherOrder on

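These settings enable only the TLS protocol (TLSv1) and only the strong (HIGH) encryption cipher suites; SSLHonorCipherOrder makes the server's cipher preference order take precedence over the client's.

It may also be a good idea to include the following line if you run an old version of Apache/mod_ssl: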

SSLInsecureRenegotiation off
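
An added example, not from the original post or TeamMentor: a small Python audit that checks an httpd.conf fragment against the settings above. The expansion of "all", the list of flagged cipher keywords, and both sample configurations are assumptions constructed for illustration.

```python
import re

# Assumptions of this example: "all" expands as in old Apache 2.2-era mod_ssl
# (adjust for your build); WEAK_TOKENS are cipher keywords flagged when not negated.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
WEAK_TOKENS = {"ALL", "LOW", "MEDIUM", "EXP", "EXPORT", "NULL", "eNULL", "aNULL", "MD5", "SSLv2"}

def directives(conf_text):
    """Map lowercase directive name -> arguments (last wins; no <VirtualHost> scoping)."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            found[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return found

def enabled_protocols(args):
    """Model of SSLProtocol: start empty; +X adds, -X removes, a bare X replaces."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else {name}
        enabled = enabled | names if sign == "+" else enabled - names if sign == "-" else set(names)
    return enabled

def audit(conf_text):
    """Return the deviations from the settings recommended above (empty list = OK)."""
    d, findings = directives(conf_text), []
    protos = enabled_protocols(d.get("sslprotocol", "all"))
    if protos != {"TLSv1"}:
        findings.append("SSLProtocol enables %s, not only TLSv1" % sorted(protos))
    tokens = re.split(r"[:, ]+", d.get("sslciphersuite", ""))
    weak = [t for t in tokens if t in WEAK_TOKENS]
    if weak or "HIGH" not in tokens:
        findings.append("SSLCipherSuite is not HIGH-only (weak tokens: %s)" % weak)
    for name, want in (("SSLHonorCipherOrder", "on"), ("SSLInsecureRenegotiation", "off")):
        if d.get(name.lower(), "off").lower() != want:
            findings.append("%s is not %s" % (name, want))
    return findings

# Constructed sample inputs: the settings from this page, and a weak configuration.
RECOMMENDED = """SSLProtocol -all +TLSv1
SSLCipherSuite HIGH:!aNULL:!SSLv2:!MD5:@STRENGTH
SSLHonorCipherOrder on"""
WEAK = """SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLHonorCipherOrder off"""
if __name__ == "__main__":
    for label, conf in (("recommended", RECOMMENDED), ("weak", WEAK)):
        print(label, audit(conf) or "OK")
```

The audit reads only the text it is given; it does not follow Include files or tell apart per-virtual-host overrides.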
