THIS KNOWLEDGE BASE HAS BEEN ARCHIVED AND IS NO LONGER BEING UPDATED
Please visit library.nagios.com/docs for the latest and most up-to-date documentation.
All Categories
Recently Viewed
ERROR: Please add the ’Optional’ channel to your Red Hat systems subscriptions
Home » Categories » Products » Nagios XI » Troubleshooting » Common Problems

Disabling Outdated Versions of SSL/TLS
Article Number: 870 | Rating: Unrated | Last Updated by rspielman on Thu, Aug 6, 2020 at 10:54 AM

How to disable outdated versions of SSL/TLS in Apache

 

In order to provide the most robust security possible, old versions of SSL/TLS should be disabled. Most modern browsers support the newer and more secure versions of SSL/TLS so disabling the less secure and older versions of SSL/TLS should not hinder user experience.

To disable outdated versions of SSL/TLS in Apache:

  1. On your server, edit ssl.conf (usually located in /etc/httpd/conf.d).
  2. Find the line that begins with the following in the file: SSLProtocol all -SSLv2
  3. Comment out the line by adding a # before the line. This will disable TLS 1.0/1.1 and SSL 2.0/3.0.
  4. Add the following line underneath the line you have just commented out: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  5. Next, find the line that begins with the following in the file: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
  6. Comment out the line by adding a # before the line.
  7. Add the following line underneath the line you have just commented out: SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    • This ensures the use of SSL encryption only with a high degree of protection.
  8. Add the following line underneath the line you just added: SSLHonorCipherOrder on 
    • This ensures that server cipher preferences are used and not the client preferences.
  9. Save and close the file.
  10. Restart the Apache service with the following command: service httpd restart
    • NOTE: This command will differ depending on your OS.

Be sure to test all applications that interact with your server. If you experience any problems, you can remove the comments (#) and added lines to return to the previous version of the file.

 

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

Did you know? Nagios provides complete monitoring of: Windows, Linux, UNIX, Servers, Websites, SNMP, DHCP, DNS, Email, Storage, Files, Apache, IIS, EC2, and more!
Posted by: on Thu, Aug 6, 2020 at 10:06 AM. This article has been viewed 9646 times.
Filed Under: Common Problems
0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
NRPE - Agent and Plugin Explained
Viewed 75162 times since Fri, Jul 14, 2017
Nagios XI - Ajaxterm Installation Aborted
Viewed 5127 times since Tue, Jan 26, 2016
Nagios XI - Configuration Applies, No Changes Take Place
Viewed 9637 times since Tue, Jan 27, 2015
Active Directory / LDAP - Troubleshooting Authentication Integration
Viewed 21892 times since Mon, Jun 26, 2017
Nagios XI - ICMP and Ping Checks Stopped Graphing
Viewed 15209 times since Mon, Jan 25, 2016
Nagios XI - MRTG Reports SNMP_Session Errors
Viewed 7334 times since Wed, Jul 27, 2016
Upgrading to NDO 3 after having been downgraded in newer versions of Nagios XI
Viewed 5049 times since Fri, Jan 15, 2021
Nagios XI - Migrate Performance Data
Viewed 14465 times since Tue, Jan 26, 2016
Nagios XI - Disabling Database UTF8 Connectivity
Viewed 6185 times since Thu, Mar 8, 2018
Nagios XI - MSSQL Wizards - Adaptive Server connection failed
Viewed 12992 times since Thu, Aug 3, 2017
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios