[openssl-users] ciphers

mlrx openssl.org at 18informatique.com
Fri Feb 12 18:15:15 UTC 2016


Hello !

I have some questions that I don't find answers by myself,
even after read the cookbook and a lot of web pages.
To be honest, I'm not really sure it's a problem but I
need to verify.

Ok. I am setting up web server to host a critical java application.
There is Apache in front of Tomcat and I want to enforce connections
over https only with higher ciphers from TLS 1.2.
Is it a good way ?

There is a part of Apache's settings :
ssl.conf :
<http://paste.opensuse.org/03eefb03>
the vhost file :
<http://paste.opensuse.org/972e254d>

The public part works good, no problem.
For the moment (testing), I use an auto-signed certificate.
Of course, I will use "real" CA signed EV certificate in
production.

Well, I've did some tests. Here is a part of some nmap and testssl.sh
results :
<http://paste.opensuse.org/43377128>

Is everything ok or do I need to change something ?
Could you give some advice to make it safer please ?
I really want to be closer to the state of the art and understand it.

A last thing : please, accept my apologies... I don't speak english
anymore since many many years.

Best regards,
-- 
benoist

-- 
benoist


More information about the openssl-users mailing list