Home » Categories » Products » Nagios XI » Troubleshooting » Common Problems

Disabling Outdated Versions of SSL/TLS

How to disable outdated versions of SSL/TLS in Apache

 

In order to provide the most robust security possible, old versions of SSL/TLS should be disabled. Most modern browsers support the newer and more secure versions of SSL/TLS so disabling the less secure and older versions of SSL/TLS should not hinder user experience.

To disable outdated versions of SSL/TLS in Apache:

  1. On your server, edit ssl.conf (usually located in /etc/httpd/conf.d).
  2. Find the line that begins with the following in the file: SSLProtocol all -SSLv2
  3. Comment out the line by adding a # before the line. This will disable TLS 1.0/1.1 and SSL 2.0/3.0.
  4. Add the following line underneath the line you have just commented out: SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  5. Next, find the line that begins with the following in the file: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
  6. Comment out the line by adding a # before the line.
  7. Add the following line underneath the line you have just commented out: SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    • This ensures the use of SSL encryption only with a high degree of protection.
  8. Add the following line underneath the line you just added: SSLHonorCipherOrder on 
    • This ensures that server cipher preferences are used and not the client preferences.
  9. Save and close the file.
  10. Restart the Apache service with the following command: service httpd restart
    • NOTE: This command will differ depending on your OS.

Be sure to test all applications that interact with your server. If you experience any problems, you can remove the comments (#) and added lines to return to the previous version of the file.

 

0 (0)
Article Rating (No Votes)
Rate this article
  • Icon PDFExport to PDF
  • Icon MS-WordExport to MS Word
Attachments Attachments
There are no attachments for this article.
Related Articles RSS Feed
Nagios XI - How To Test Check Commands From The Command-line
Viewed 24553 times since Tue, Jan 26, 2016
Web Browser Reports 330 Error Content Encoding
Viewed 2521 times since Tue, Mar 7, 2017
PHPMailer - Troubleshooting Using Debug Logging
Viewed 6395 times since Tue, Aug 14, 2018
Nagios XI - Migrate Performance Data
Viewed 5886 times since Tue, Jan 26, 2016
Nagios XI - MSSQL Query Wizard - Invalid characters in the username
Viewed 2727 times since Thu, Aug 3, 2017
Nagios Core - Failed to register iobroker
Viewed 3138 times since Wed, Sep 20, 2017
Nagios XI - Disabling Database UTF8 Connectivity
Viewed 2638 times since Thu, Mar 8, 2018
Nagios XI - Bandwidth Graphs Showing 0Mb/s in Non-English Systems
Viewed 3621 times since Fri, Dec 19, 2014
Nagios XI - Problems Using Nagios XI With Proxies
Viewed 6719 times since Mon, Jan 25, 2016
Nagios XI - Event Data Is Stale
Viewed 2740 times since Wed, Jan 27, 2016