Where to edit active SSL ciphers for sites and ISPConfig itself?

Discussion in 'Installation/Configuration' started by Instanerious, Oct 2, 2022.

  1. Instanerious

    Instanerious Member

    If one wanted to edit the list of active cipher suites for sites as well as ISPConfig itself, which config file would be the right place to do it?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The Apache SSL config file of your OS. This setting is not ISPConfig specific, the global settings of the OS apply here.
     
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I add this "TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:" to my nginx config file so that all sites are able to use TLSv1.3. I guess apache2 adds something similar too.
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I modify nano /etc/apache2/mods-available/ssl.conf so it has this:
    Code:
    SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384"
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLOpenSSLConfCmd ECDHParameters Automatic
    SSLOpenSSLConfCmd Curves prime256v1:secp384r1
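
Added example, not code from the thread or from ISPConfig: a small Python check that reads the `SSLProtocol` and `SSLCipherSuite` directives quoted in the last post and reports which protocol versions end up enabled and which suites are non-AEAD or lack forward secrecy. The expansion of `all` is an assumption (Apache 2.4.36+ built against OpenSSL 1.1.1+), and the function names are illustrative.

```python
import shlex

# Assumption: "all" expands as on Apache 2.4.36+ built against OpenSSL 1.1.1+.
ALL_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # anything else is treated as CBC/legacy
PFS_PREFIXES = ("ECDHE-", "DHE-")           # ephemeral key exchange

# Constructed sample: the two directives as posted in the thread.
SAMPLE_CONF = '''
# /etc/apache2/mods-available/ssl.conf (excerpt)
SSLCipherSuite "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384"
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
'''

def directive_args(conf, name):
    """Argument lists of every uncommented `name` directive (case-insensitive)."""
    found = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)          # handles the quoted cipher string
        if tokens[0].lower() == name.lower():
            found.append(tokens[1:])
    return found

def enabled_protocols(args):
    """Evaluate SSLProtocol tokens left to right: 'all', '+X', 'X', '-X'."""
    enabled = set()
    for tok in args:
        name = tok.lstrip("+-").lower()
        chosen = {p for p in ALL_PROTOCOLS if name in ("all", p.lower())}
        enabled = enabled - chosen if tok.startswith("-") else enabled | chosen
    return [p for p in ALL_PROTOCOLS if p in enabled]

def audit_ciphers(args):
    """Classify explicit suite names; keywords such as HIGH or !aNULL are not resolved."""
    spec = args[-1]                         # an optional protocol argument may precede it
    return [{"suite": s,
             "aead": any(m in s for m in AEAD_MARKERS),
             "pfs": s.startswith(PFS_PREFIXES)}
            for s in spec.split(":") if s]

if __name__ == "__main__":
    print("protocols:", enabled_protocols(directive_args(SAMPLE_CONF, "SSLProtocol")[0]))
    for row in audit_ciphers(directive_args(SAMPLE_CONF, "SSLCipherSuite")[0]):
        flags = [k for k in ("aead", "pfs") if not row[k]]
        print(f"{row['suite']:32} {'review: no ' + ', no '.join(flags) if flags else 'ok'}")
```

The classification is by suite name only; `openssl ciphers -v` on the server remains the authoritative view of what the installed OpenSSL will actually negotiate.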
     
