[ic] {OT} hardening SSL without rejecting users

Grant emailgrant at gmail.com
Tue Jun 8 18:30:37 UTC 2010

>> I've been advised to harden my SSL in the following ways:
>> 1. disable SSL 2.0
>> 2. disable use of SSL ciphers which offer either weak or no encryption
>> 3. disable anonymous SSL ciphers
>> Will some website users not be able to use https if I do this?
> Should be fine. That's all been good practice for years now.
> A good Apache mod_ssl configuration to achieve that is:
> SSLProtocol all -SSLv2
> Jon

Thanks Jon.  I actually had to append ":-eNULL" to pass PCI Compliance.

- Grant

More information about the interchange-users mailing list