THIS KNOWLEDGE BASE HAS BEEN ARCHIVED AND IS NO LONGER BEING UPDATED
Please visit library.nagios.com/docs for the latest and most up-to-date documentation.
All Categories
Home » Categories » Products » Nagios XI » Troubleshooting » Common Problems

Disabling Outdated Versions of SSL/TLS
Article Number: 870 | Rating: Unrated | Last Updated by rspielman on Thu, Aug 6, 2020 at 10:54 AM

How to disable outdated versions of SSL/TLS in Apache

 

In order to provide the most robust security possible, old versions of SSL/TLS should be disabled. Most modern browsers support the newer and more secure versions of SSL/TLS so disabling the less secure and older versions of SSL/TLS should not hinder user experience.

To disable outdated versions of SSL/TLS in Apache:

  1. On your server, edit ssl.conf (usually located in /etc/httpd/conf.d).
  2. Find the line that begins with the following in the file: SSLProtocol all -SSLv2
  3. Comment out the line by adding a # before the line. This will disable TLS 1.0/1.1 and SSL 2.0/3.0.
  4. Add the following line underneath the line you have just commented out: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  5. Next, find the line that begins with the following in the file: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
  6. Comment out the line by adding a # before the line.
  7. Add the following line underneath the line you have just commented out: SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    • This ensures the use of SSL encryption only with a high degree of protection.
  8. Add the following line underneath the line you just added: SSLHonorCipherOrder on 
    • This ensures that server cipher preferences are used and not the client preferences.
  9. Save and close the file.
  10. Restart the Apache service with the following command: service httpd restart
    • NOTE: This command will differ depending on your OS.

Be sure to test all applications that interact with your server. If you experience any problems, you can remove the comments (#) and added lines to return to the previous version of the file.

 

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

Did you know? Nagios provides complete monitoring of: Windows, Linux, UNIX, Servers, Websites, SNMP, DHCP, DNS, Email, Storage, Files, Apache, IIS, EC2, and more!
Posted by: on Thu, Aug 6, 2020 at 10:06 AM. This article has been viewed 9709 times.
Filed Under: Common Problems
0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - SourceGuardian Errors 2009R1.2C
Viewed 5379 times since Tue, Feb 2, 2016
Nagios XI - Apply Configuration Never Completes
Viewed 24457 times since Tue, Jan 27, 2015
Nagios XI - mysql_error out of range value for column
Viewed 8336 times since Tue, Aug 14, 2018
Nagios XI - Apply Configuration Fails - Backend login to the Core Configuration failed
Viewed 27231 times since Tue, Aug 2, 2016
Nagios XI - Disabling Database UTF8 Connectivity
Viewed 6233 times since Thu, Mar 8, 2018
Nagios XI - NSP: Sorry Dave, I can’t let you do that
Viewed 24217 times since Tue, Jan 27, 2015
Nagios XI - Event Data Is Stale
Viewed 6801 times since Wed, Jan 27, 2016
Active Directory / LDAP - Troubleshooting Authentication Integration
Viewed 22031 times since Mon, Jun 26, 2017
Nagios XI - Modifying The Contents Of /usr/local/nagios/etc
Viewed 8553 times since Tue, Jan 26, 2016
Nagios XI - WMI Authentication Problems
Viewed 7614 times since Thu, Feb 25, 2016
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios