Home » Categories » Products » Nagios XI » Troubleshooting » Common Problems

Disabling Outdated Versions of SSL/TLS

How to disable outdated versions of SSL/TLS in Apache

 

In order to provide the most robust security possible, old versions of SSL/TLS should be disabled. Most modern browsers support the newer and more secure versions of SSL/TLS so disabling the less secure and older versions of SSL/TLS should not hinder user experience.

To disable outdated versions of SSL/TLS in Apache:

  1. On your server, edit ssl.conf (usually located in /etc/httpd/conf.d).
  2. Find the line that begins with the following in the file: SSLProtocol all -SSLv2
  3. Comment out the line by adding a # before the line. This will disable TLS 1.0/1.1 and SSL 2.0/3.0.
  4. Add the following line underneath the line you have just commented out: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  5. Next, find the line that begins with the following in the file: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
  6. Comment out the line by adding a # before the line.
  7. Add the following line underneath the line you have just commented out: SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    • This ensures the use of SSL encryption only with a high degree of protection.
  8. Add the following line underneath the line you just added: SSLHonorCipherOrder on 
    • This ensures that server cipher preferences are used and not the client preferences.
  9. Save and close the file.
  10. Restart the Apache service with the following command: service httpd restart
    • NOTE: This command will differ depending on your OS.

Be sure to test all applications that interact with your server. If you experience any problems, you can remove the comments (#) and added lines to return to the previous version of the file.

 

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - Debugging Bandwidth Performance Graphs
Viewed 7495 times since Tue, Jan 27, 2015
Nagios XI - SQL Error [nagiosxi] : ERROR: syntax error
Viewed 3309 times since Sun, Sep 10, 2017
Nagios XI - STRICT_TRANS_TABLES
Viewed 3095 times since Thu, Nov 16, 2017
Active Directory / LDAP - Troubleshooting Authentication Integration
Viewed 8473 times since Mon, Jun 26, 2017
Nagios XI - Some BPI Checks Show "Unknown BPI Group Index" After Upgrade
Viewed 1729 times since Wed, Sep 18, 2019
Nagios XI - Configuration Applies, No Changes Take Place
Viewed 3127 times since Tue, Jan 27, 2015
Nagios XI - Unable to Delete Host
Viewed 8024 times since Tue, Dec 16, 2014
CCM says unapplied changes exist, but none listed
Viewed 2397 times since Mon, Feb 27, 2017
Nagios XI - How To Use CA Certificates With check_ldaps Plugin
Viewed 4700 times since Tue, Jul 26, 2016
Upgrading to NDO 3 after having been downgraded in newer versions of Nagios XI
Viewed 416 times since Fri, Jan 15, 2021