Topic: How to enable only specific ciphers and block other ciphers
Shrinidhi0409
Joined: 24 Sep 2021 Posts: 18 Location: India
Posted: Tue 10 May '22 15:54 Post subject: How to enable only specific ciphers and block other ciphers
Our Java application is running smoothly on the RHEL 8.5 OS platform. To improve security, I want to enable only a few ciphers and need to block the others.
CIPHERS TO BE ENABLED:
ChaCha20-Poly1305, AES-GCM, AES-CCM with key exchange of ECDHE, DHE, RSA.
NOTE: All other ciphers are prohibited.
I have made the below changes in "ssl.conf" file.
SSLProtocol -ALL +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
But when I try to check the ciphers from the server by using "openssl s_client -connect <localhost>:443 -tls1_2", I am able to see only one cipher.
Please find the below snippet,
SSL-session:
Protocol:TLSv1.2
Cipher:ECDHE-ECDSA-CHACHA20-POLY1305
Can you please let us know about the below queries:
1) Is the above command (SSLCipherSuite) correct or not? If not, please let me know the correct procedure. If it is correct, why are the other ciphers not displayed?
2) Please let me know the command to verify the enabled ciphers on the RHEL 8.5 server.
3) How to block ciphers other than those mentioned above?
Can you suggest possible solutions ASAP?
Regards,
Shrinidhi
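An added example, not part of the original post: `openssl s_client` reports only the one suite negotiated in a handshake, so auditing what a server accepts takes one connection per suite, with each accepted name checked against the policy stated in the post. The function names and the handling of PSK, SRP, anonymous and CCM8 suites are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit accepted TLS 1.2 suites against the post's policy
# (ChaCha20-Poly1305, AES-GCM, AES-CCM with ECDHE, DHE or RSA key exchange).

# is_allowed NAME: returns 0 if the OpenSSL suite name fits the policy, 1 otherwise.
is_allowed() {
  case "$1" in
    # Assumption: PSK, SRP and anonymous (ADH/AECDH) suites do not count as
    # ECDHE, DHE or RSA key exchange for this policy.
    *PSK*|SRP-*|ADH-*|AECDH-*) return 1 ;;
  esac
  case "$1" in
    # AEAD only; CCM8 is counted as AES-CCM here (assumption).
    *-CHACHA20-POLY1305|*AES???-GCM-*|*AES???-CCM|*AES???-CCM8) return 0 ;;
  esac
  return 1
}

# violations LIST: print each suite of a colon-separated list that breaks the policy.
violations() {
  for c in $(printf '%s' "$1" | tr ':' ' '); do
    is_allowed "$c" || printf '%s\n' "$c"
  done
}

# probe_ciphers HOST [PORT]: one handshake per suite the local OpenSSL knows,
# because a single s_client run shows only the suite that was negotiated.
probe_ciphers() {
  host=$1; port=${2:-443}
  for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
    if openssl s_client -connect "$host:$port" -tls1_2 -cipher "$c" \
         </dev/null >/dev/null 2>&1; then
      if is_allowed "$c"; then echo "accepted  ok         $c"
      else echo "accepted  VIOLATION  $c"; fi
    fi
  done
}

# The probe runs only when a host is given, e.g.: sh audit.sh localhost 443
if [ "$#" -ge 1 ]; then probe_ciphers "$@"; fi
```

The probe can only test suites that the local OpenSSL build and its configuration offer, so a restricted client will not reveal every suite the server accepts.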
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7374 Location: Germany, Next to Hamburg