10-ssl.conf
· 218 B · Text
Sin formato
# this is a dovecot config snippet, inclide me into /etc/dovecot/local.conf
# SSL protocols to use
ssl_protocols = !SSLv2 !SSLv3
# for checking that service
openssl s_client -connect <hostname>:143 -starttls imap -ssl3
| 1 | # this is a dovecot config snippet, inclide me into /etc/dovecot/local.conf |
| 2 | # SSL protocols to use |
| 3 | ssl_protocols = !SSLv2 !SSLv3 |
| 4 | # for checking that service |
| 5 | openssl s_client -connect <hostname>:143 -starttls imap -ssl3 |
fix_apache2.sh
· 218 B · Bash
Sin formato
cat <<EOF >> /etc/apache2/conf.d/x_disable_SSLv3.conf
<IfModule mod_ssl.c>
SSLProtocol all -SSLv2 -SSLv3
</IfModule>
EOF
/etc/init.d/apache2 restart
# for checking that service
testssl.sh --poodle <vHost> | grep POODLE
| 1 | cat <<EOF >> /etc/apache2/conf.d/x_disable_SSLv3.conf |
| 2 | <IfModule mod_ssl.c> |
| 3 | SSLProtocol all -SSLv2 -SSLv3 |
| 4 | </IfModule> |
| 5 | EOF |
| 6 | /etc/init.d/apache2 restart |
| 7 | # for checking that service |
| 8 | testssl.sh --poodle <vHost> | grep POODLE |
haproxy.conf
· 198 B · Text
Sin formato
# this is a haproxy config snippet, include me into /etc/haproxy/haproxy.conf
bind :443 ssl crt <crt> ciphers <ciphers> no-sslv3
# for checking that service
testssl.sh --poodle <vHost> | grep POODLE
| 1 | # this is a haproxy config snippet, include me into /etc/haproxy/haproxy.conf |
| 2 | bind :443 ssl crt <crt> ciphers <ciphers> no-sslv3 |
| 3 | # for checking that service |
| 4 | testssl.sh --poodle <vHost> | grep POODLE |
main.cf
· 315 B · CFEngine3
Sin formato
# this is a postfix config snippet, include me into /etc/postfix/main.cf
smtp_tls_protocols=!SSLv2,!SSLv3
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3
smtpd_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
# for checking that service
openssl s_client -connect <hostname>:25 -starttls smtp -ssl3
| 1 | # this is a postfix config snippet, include me into /etc/postfix/main.cf |
| 2 | smtp_tls_protocols=!SSLv2,!SSLv3 |
| 3 | smtp_tls_mandatory_protocols=!SSLv2,!SSLv3 |
| 4 | smtpd_tls_protocols=!SSLv2,!SSLv3 |
| 5 | smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3 |
| 6 | # for checking that service |
| 7 | openssl s_client -connect <hostname>:25 -starttls smtp -ssl3 |
ssl.conf
· 229 B · Text
Sin formato
# this is a nginx config snippet, put me into /etc/nginx/conf.d
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# for checking that service
testssl.sh --poodle <vHost> | grep POODLE
| 1 | # this is a nginx config snippet, put me into /etc/nginx/conf.d |
| 2 | ssl_session_cache shared:SSL:10m; |
| 3 | ssl_session_timeout 10m; |
| 4 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| 5 | # for checking that service |
| 6 | testssl.sh --poodle <vHost> | grep POODLE |