SSL configuration to pass Qualys SSL Labs Test.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL configuration to pass Qualys SSL Labs Test.

Alexandre Adao
Hello,

I am trying to get A or A+ from the SSL server Test (https://www.ssllabs.com/ssltest ). I am ruining OpenSSL 1.0.1e-fips and Linux.  I have grade A- and I think is because the issue with Forward Secrecy. Any advise please?

--
​Alex Adao​



_______________________________________________
User mailing list
[hidden email]
http://mailman.owncloud.org/mailman/listinfo/user
Reply | Threaded
Open this post in threaded view
|

Re: SSL configuration to pass Qualys SSL Labs Test.

Gerald Vogt
On 18.05.17 18:28, Alexandre Adao wrote:
> I am trying to get A or A+ from the SSL server Test
> (https://www.ssllabs.com/ssltest ). I am ruining OpenSSL 1.0.1e-fips and
> Linux.  I have grade A- and I think is because the issue with Forward
> Secrecy. Any advise please?

1. Ask on a mailing list for your web server (which you don't even
mention). This has nothing to do with owncloud.

2. It's difficult to tell what the reason for A- is if you don't seem to
know exactly. The test tells you the reason. It is says it's forward
secrecy that's what it is.

3. If it's PFS it also gives you a link to a page describing the reason
and how to fix this. If you google for the name of your web server and
forward secrecy you'll find lots of detailed instructions on how to
configure your specific web server.

So find the right place to ask your question or even better read what
ssllabs tells you...

Gerald
_______________________________________________
User mailing list
[hidden email]
http://mailman.owncloud.org/mailman/listinfo/user
Reply | Threaded
Open this post in threaded view
|

Re: SSL configuration to pass Qualys SSL Labs Test.

Alexandre Adao
Thank you Mr. Gerald, I am running ownCloud 8.2 with Apache/2.2.15 (Oracle server). I apologize for not to mention. I am looking to the documentation on the web thanks.

--Alex Adao

On Thu, May 18, 2017 at 12:44 PM, Gerald Vogt <[hidden email]> wrote:
On 18.05.17 18:28, Alexandre Adao wrote:
I am trying to get A or A+ from the SSL server Test (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ssllabs.com_ssltest&d=DwICAg&c=0CCt47_3RbNABITTvFzZbA&r=HtvpF_Lhld9M3sO_mZdHw9Ab6uI2MVoIQAAZj4-LRs8&m=SWfRXxAxwFYba0UKJTEavZjvfDCwZImredAPIxMfdmQ&s=Vv5Pm7LpCX4p039dZ8kl1VrO5mv9qiUcyd3hNHEYaI8&e=  ). I am ruining OpenSSL 1.0.1e-fips and Linux.  I have grade A- and I think is because the issue with Forward Secrecy. Any advise please?

1. Ask on a mailing list for your web server (which you don't even mention). This has nothing to do with owncloud.

2. It's difficult to tell what the reason for A- is if you don't seem to know exactly. The test tells you the reason. It is says it's forward secrecy that's what it is.

3. If it's PFS it also gives you a link to a page describing the reason and how to fix this. If you google for the name of your web server and forward secrecy you'll find lots of detailed instructions on how to configure your specific web server.

So find the right place to ask your question or even better read what ssllabs tells you...

Gerald
_______________________________________________
User mailing list
[hidden email]
https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.owncloud.org_mailman_listinfo_user&d=DwICAg&c=0CCt47_3RbNABITTvFzZbA&r=HtvpF_Lhld9M3sO_mZdHw9Ab6uI2MVoIQAAZj4-LRs8&m=SWfRXxAxwFYba0UKJTEavZjvfDCwZImredAPIxMfdmQ&s=2aYlebY7Bo85RhF-YOdzvPiu8W3dx5HuzJVR6fmeXG0&e=



--
=============================================
Alexandre Magno Adão
Director of Information Security
Morgan State University (CGW 300k)
Office of  Information Technology (OIT)
443-885-4415 Office
443-803-3154 Cell


_______________________________________________
User mailing list
[hidden email]
http://mailman.owncloud.org/mailman/listinfo/user
Reply | Threaded
Open this post in threaded view
|

Re: SSL configuration to pass Qualys SSL Labs Test.

Stefan Schwarz
In reply to this post by Alexandre Adao
To get A+ with Apache2 (i guess the difference betwenn A and A+ is HSTS
enabled, too lazy to check is out):

SSLEngine On
SSLProtocol All -SSLv2 -SSLv3

SSLHonorCipherOrder On
SSLCipherSuite
'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:ECDH+AESGCM:ECDH+AES:ECDH:HIGH:MEDIUM:!RC4:!3DES:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'

SSLCertificateFile /etc/apache2/cert.crt
SSLCertificateKeyFile /etc/apache2/cert.key
SSLCACertificateFile /etc/apache2/intermediate-ca-cert.crt

<IfModule mod_headers.c>
   Header always set Strict-Transport-Security "max-age=15768000"
</IfModule>

Your personal preference of Ciphers might be different.


Am 18.05.2017 um 18:28 schrieb Alexandre Adao:

> Hello,
>
> I am trying to get A or A+ from the SSL server Test
> (https://www.ssllabs.com/ssltest ). I am ruining OpenSSL 1.0.1e-fips and
> Linux.  I have grade A- and I think is because the issue with Forward
> Secrecy. Any advise please?
>
> --
> ​Alex Adao​
>
>
>
>
> _______________________________________________
> User mailing list
> [hidden email]
> http://mailman.owncloud.org/mailman/listinfo/user
>

_______________________________________________
User mailing list
[hidden email]
http://mailman.owncloud.org/mailman/listinfo/user