Rogierm's Blog » ssl http://rogierm.redbee.nl/blog Just another blog with technical stuff Mon, 09 Jan 2012 16:15:48 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Strong ciphers on Foundry ServerIron http://rogierm.redbee.nl/blog/2010/02/15/strong-ciphers-on-foundry-serveriron/ http://rogierm.redbee.nl/blog/2010/02/15/strong-ciphers-on-foundry-serveriron/#comments Mon, 15 Feb 2010 20:24:16 +0000 admin http://rogierm.redbee.nl/blog/?p=117 When setting up SSL offloading on a Foundry ServerIron 4G-SSL the default installation allows weak (eg. DES, 56bit) ciphers and SSLv2. This is not a recommended setup, especially if you have to comply to certain security certifications, like PCI. The Foundry documentation does not give a lot of information on the ciphers that are supported. Below the commands to disable SSLv2 and allow only strong ciphers on an ssl accelerated host.

To change the ssl profile of a virtual server, always follow the following steps:

  1. Remove the ssl profile from the virtual server
  2. Change the ssl profile settings
  3. Enable the ssl profile on the virtual server


server virtual vservername
no port ssl ssl-terminate sslprofilename

exit

ssl profile sslprofilename
disable-ssl-v2
no cipher-suite all-cipher-suites
cipher-suite rsa-with-3des-ede-cbc-sha
cipher-suite rsa-with-aes-128-sha
cipher-suite rsa-with-aes-256-sha
cipher-suite rsa-with-rc4-128-md5
cipher-suite rsa-with-rc4-128-sha

exit

server virtual vservername
port ssl ssl-terminate sslprofilename

]]> http://rogierm.redbee.nl/blog/2010/02/15/strong-ciphers-on-foundry-serveriron/feed/ 0