ilan
Verified User
Hi,
I though DirectAdmin had addressed the POODLE attack vulnerability a long time a go, but I just setup a server with apache and nginx as reverse proxy using custombuild 2.0, and at the ssllabs.com ssl test I'm receiving a Grade C because of the POODLE attack vulnerability.
I tried using the https://mozilla.github.io/server-side-tls/ssl-config-generator/ but I placed the recommended values in a few config files and there is no change, clearly I'm not adding the changes in the correct files, does someone know whats the correct template to add the values?
My system has:
CentOS Linux release 7.3
Apache 2.4.25
nginx 2.2.15
OpenSSL 1.0.1e
In the options.conf of custombuild 2.0 (rev: 1642) I have:
webserver=nginx_apache
inside the custombuild directory I updated the recomponed protocols and ciphers at the following files:
and then did a ./build rewrite_confs
And these are the recommended values for my setup using modern profile at mozilla.github.io :
Thanks
I though DirectAdmin had addressed the POODLE attack vulnerability a long time a go, but I just setup a server with apache and nginx as reverse proxy using custombuild 2.0, and at the ssllabs.com ssl test I'm receiving a Grade C because of the POODLE attack vulnerability.
I tried using the https://mozilla.github.io/server-side-tls/ssl-config-generator/ but I placed the recommended values in a few config files and there is no change, clearly I'm not adding the changes in the correct files, does someone know whats the correct template to add the values?
My system has:
CentOS Linux release 7.3
Apache 2.4.25
nginx 2.2.15
OpenSSL 1.0.1e
In the options.conf of custombuild 2.0 (rev: 1642) I have:
webserver=nginx_apache
inside the custombuild directory I updated the recomponed protocols and ciphers at the following files:
Code:
custom/nginx/conf/nginx-defaults.conf
custom/nginx/conf/nginx-vhosts.conf
custom/nginx_reverse/conf/nginx-defaults.conf
custom/nginx_reverse/conf/nginx-vhosts.conf
and then did a ./build rewrite_confs
And these are the recommended values for my setup using modern profile at mozilla.github.io :
Code:
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
Thanks