THIS KNOWLEDGE BASE HAS BEEN ARCHIVED AND IS NO LONGER BEING UPDATED
Please visit library.nagios.com/docs for the latest and most up-to-date documentation.
All Categories
Recently Viewed
Nagios XI - Can’t Log Into The Web Interface
Nagios XI - Problems Using Nagios XI With Proxies
Nagios XI - Maximizing Performance In Nagios XI
Home » Categories » Products » Nagios XI » Troubleshooting » Common Problems

Disabling Outdated Versions of SSL/TLS
Article Number: 870 | Rating: 1/5 from 2 votes | Last Updated by rspielman on Thu, Aug 6, 2020 at 10:54 AM

How to disable outdated versions of SSL/TLS in Apache

 

In order to provide the most robust security possible, old versions of SSL/TLS should be disabled. Most modern browsers support the newer and more secure versions of SSL/TLS so disabling the less secure and older versions of SSL/TLS should not hinder user experience.

To disable outdated versions of SSL/TLS in Apache:

  1. On your server, edit ssl.conf (usually located in /etc/httpd/conf.d).
  2. Find the line that begins with the following in the file: SSLProtocol all -SSLv2
  3. Comment out the line by adding a # before the line. This will disable TLS 1.0/1.1 and SSL 2.0/3.0.
  4. Add the following line underneath the line you have just commented out: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  5. Next, find the line that begins with the following in the file: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
  6. Comment out the line by adding a # before the line.
  7. Add the following line underneath the line you have just commented out: SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    • This ensures the use of SSL encryption only with a high degree of protection.
  8. Add the following line underneath the line you just added: SSLHonorCipherOrder on 
    • This ensures that server cipher preferences are used and not the client preferences.
  9. Save and close the file.
  10. Restart the Apache service with the following command: service httpd restart
    • NOTE: This command will differ depending on your OS.

Be sure to test all applications that interact with your server. If you experience any problems, you can remove the comments (#) and added lines to return to the previous version of the file.

 

Special Offer For Knowledgebase Visitors! Get a huge discount on Nagios Log Server by clicking below.

Get 60% Off Nagios Log Server!

Did you know? Nagios provides complete monitoring of: Windows, Linux, UNIX, Servers, Websites, SNMP, DHCP, DNS, Email, Storage, Files, Apache, IIS, EC2, and more!
Posted by: on Thu, Aug 6, 2020 at 10:06 AM. This article has been viewed 9876 times.
Filed Under: Common Problems
1 (2)
Article Rating (2 Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - Warning: Duplicate definition found for contact ’xi_default_contact’
Viewed 8748 times since Tue, Jan 26, 2016
Backups are not being generated due to tar creation errors
Viewed 4953 times since Thu, Feb 27, 2020
Nagios XI - Reset Upgrade Status In Web Interface
Viewed 13114 times since Tue, May 7, 2019
Nagios XI - Scheduled Reports Not Running
Viewed 6829 times since Thu, Aug 10, 2017
Nagios XI - Ajaxterm Installation Aborted
Viewed 5205 times since Tue, Jan 26, 2016
Nagios XI - Event Data Is Stale
Viewed 6853 times since Wed, Jan 27, 2016
Nagios XI - Core 4 Load Spikes on 1.75 and 7 Hour Intervals
Viewed 5588 times since Mon, Jan 25, 2016
Nagios XI - Modifying The Contents Of /usr/local/nagios/etc
Viewed 8647 times since Tue, Jan 26, 2016
ERROR: Please add the ’Optional’ channel to your Red Hat systems subscriptions
Viewed 29392 times since Tue, Jan 26, 2016
XI 5.4 monitoring engine not running
Viewed 13069 times since Mon, Feb 6, 2017
Subscribe to knowledge base
Get notified when new articles are added to the knowledge base.
Nagios