Topic: How to enable only specific ciphers and block other ciphers
Shrinidhi0409



Joined: 24 Sep 2021
Posts: 18
Location: India

Posted: Tue 10 May '22 15:54    Post subject: How to enable only specific ciphers and block other ciphers

Our Java application is running smoothly on the RHEL 8.5 OS platform. To improve security, I want to enable only a few ciphers and need to block the others.

CIPHERS TO BE ENABLED:

ChaCha20-Poly1305, AES-GCM, AES-CCM with key exchange of ECDHE, DHE, RSA.

NOTE: All other ciphers are prohibited.

I have made the below changes in the "ssl.conf" file.

SSLProtocol -ALL +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

But when I try to check the ciphers from the server by using "openssl s_client -connect <localhost>:443 -tls1_2", I am able to see only one cipher.

Please find the snippet below:

SSL-session:
Protocol:TLSv1.2
Cipher:ECDHE-ECDSA-CHACHA20-POLY1305

Can you please let us know about the below queries:

1) Whether the above command (SSLCipherSuite) is correct or not? If not, please let me know the correct procedure. If it is correct, why are the other ciphers not displayed?
2) Please let me know the command to verify the enabled ciphers on the RHEL 8.5 server.
3) How to block ciphers other than those mentioned above?

Can you suggest possible solutions ASAP?

Regards,
Shrinidhi
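
An added example, not part of the original post and not Apache or OpenSSL code: a Python check of the posted SSLCipherSuite value against the policy stated in the post (ChaCha20-Poly1305, AES-GCM or AES-CCM with ECDHE, DHE or RSA key exchange). The function names and the name-parsing rules are this example's own assumptions about OpenSSL's TLS 1.2 suite naming; keywords such as HIGH are reported as unresolved because they have to be expanded with `openssl ciphers -v`.

```python
import re

# Policy stated in the post: these AEAD ciphers only, with ECDHE, DHE or RSA key exchange.
ALLOWED_KX = {"ECDHE", "DHE", "RSA"}
ALLOWED_BULK = {"CHACHA20-POLY1305", "AES-GCM", "AES-CCM"}
# Key-exchange prefixes that appear at the start of OpenSSL TLS 1.2 suite names.
KX_PREFIXES = {"ECDHE", "DHE", "EDH", "ECDH", "DH", "ADH", "AECDH"}

# The SSLCipherSuite value quoted in the post.
POSTED = ("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
          "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305")


def classify(name):
    """Return (key_exchange, bulk_cipher) for one OpenSSL TLS 1.2 suite name."""
    n = name.upper()
    parts = n.split("-")
    if "PSK" in parts or "SRP" in parts:
        kx = "PSK/SRP"
    elif parts[0] in KX_PREFIXES:
        kx = parts[0]
    else:
        kx = "RSA"  # OpenSSL omits the prefix for RSA key exchange, e.g. AES128-GCM-SHA256
    if "CHACHA20" in parts and "POLY1305" in parts:
        bulk = "CHACHA20-POLY1305"
    elif re.search(r"(^|-)AES(128|256)-GCM(-|$)", n):
        bulk = "AES-GCM"
    elif re.search(r"(^|-)AES(128|256)-CCM8?(-|$)", n):
        bulk = "AES-CCM"
    else:
        bulk = "other"  # CBC, RC4, 3DES, NULL, ARIA, CAMELLIA ...
    return kx, bulk


def audit(cipher_suite):
    """Sort the entries of an SSLCipherSuite value into allowed / violations / unresolved."""
    result = {"allowed": [], "violations": [], "unresolved": []}
    for tok in re.split(r"[:, ]+", cipher_suite.strip()):
        if not tok or tok[0] in "!-":
            continue  # removals cannot add a cipher
        if tok[0] in "+@" or "+" in tok or "-" not in tok:
            result["unresolved"].append(tok)  # keyword such as HIGH: expand with `openssl ciphers -v`
            continue
        kx, bulk = classify(tok)
        ok = kx in ALLOWED_KX and bulk in ALLOWED_BULK
        result["allowed" if ok else "violations"].append(tok)
    return result
```

`audit(POSTED)` puts all four posted suites under "allowed"; an `openssl s_client` run reports only the single suite negotiated for that one handshake, so it cannot be used as a list of what the server accepts.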
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

Posted: Tue 07 Jun '22 12:09

Continues here https://www.apachelounge.com/viewtopic.php?t=8900