Next revision | Previous revision |
misc:ssl:cipher [2024/07/30 11:28] – created js | misc:ssl:cipher [2024/07/30 11:36] (current) – [example:] js |
---|
====== Ciphers ====== | ====== Ciphers ====== |
| |
| |
| |
=== Apache / httpd === | === Apache / httpd === |
load the apache modul <wrap em>mod_ssl</wrap> to activate the https and ssl. | load the apache modul <wrap em>mod_ssl</wrap> to activate the https and ssl. |
| |
apache documentation: [[https://httpd.apache.org/docs/trunk/mod/mod_ssl.html]] | RedHat 8 documentation: [[https://docs.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/pdf/deploying_different_types_of_servers/red_hat_enterprise_linux-8-deploying_different_types_of_servers-en-us.pdf|RedHat 8 Deploying Servers PDF]] \\ |
| Apache documentation: [[https://httpd.apache.org/docs/trunk/mod/mod_ssl.html#sslciphersuite]] |
| |
example: | |
| == SSLCipherSuite Example == |
<code bash>SSLCipherSuite "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!SHA1:!SHA256"</code> | <code bash>SSLCipherSuite "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!SHA1:!SHA256"</code> |
| |
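Review bot: the Apache documentation link on the new side points at `docs/trunk`, which tracks the httpd development branch, so directives and defaults described there may differ from the packaged httpd covered by the RedHat 8 guide linked beside it; link the documentation for the release that is actually deployed. The `SSLCipherSuite` line itself is unchanged, but two points deserve a sentence under the new heading. In OpenSSL cipher-string syntax `!SHA1:!SHA256` removes suites by MAC, so AEAD (GCM) suites whose names end in `_SHA256` are not affected. This form of the directive also applies to TLS 1.2 and below and does not select the TLS 1.3 suites. Finally, it is an Apache directive rather than shell, so `<code bash>` mislabels it.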
| == nmap check apache == |
| <code bash>nmap --script ssl-enum-ciphers -p 444 wiki.schnuerle.com</code> |
| |
| Example: |
| <code bash>[root@v2fsirl9 SOURCES]# nmap --script ssl-enum-ciphers -p 444 wiki.schnuerle.com |
| Starting Nmap 7.92 ( https://nmap.org ) at 2024-07-30 13:30 CEST |
| Nmap scan report for wiki.schnuerle.com (93.240.43.215) |
| Host is up (0.0073s latency). |
| rDNS record for 93.240.43.215: nextcloud.schnuerle.com |
| |
| PORT STATE SERVICE |
| 444/tcp open snpp |
| | ssl-enum-ciphers: |
| | TLSv1.2: |
| | ciphers: |
| | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_128_CCM (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_128_CCM_8 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_256_CCM (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_256_CCM_8 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A |
| | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A |
| | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 (dh 2048) - A |
| | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A |
| | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 (secp256r1) - A |
| | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A |
| | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A |
| | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A |
| | TLS_RSA_WITH_AES_128_CCM (rsa 2048) - A |
| | TLS_RSA_WITH_AES_128_CCM_8 (rsa 2048) - A |
| | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A |
| | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A |
| | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A |
| | TLS_RSA_WITH_AES_256_CCM (rsa 2048) - A |
| | TLS_RSA_WITH_AES_256_CCM_8 (rsa 2048) - A |
| | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A |
| | TLS_RSA_WITH_ARIA_128_GCM_SHA256 (rsa 2048) - A |
| | TLS_RSA_WITH_ARIA_256_GCM_SHA384 (rsa 2048) - A |
| | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A |
| | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (rsa 2048) - A |
| | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A |
| | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (rsa 2048) - A |
| | compressors: |
| | NULL |
| | cipher preference: client |
| | TLSv1.3: |
| | ciphers: |
| | TLS_AKE_WITH_AES_128_CCM_SHA256 (ecdh_x25519) - A |
| | TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A |
| | TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A |
| | TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A |
| | cipher preference: client |
| |_ least strength: A |
| |
| Nmap done: 1 IP address (1 host up) scanned in 1.28 seconds</code> |
| |
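Review bot: the sample output under "nmap check apache" does not correspond to the `SSLCipherSuite` example above it. The TLSv1.2 list contains `TLS_RSA_WITH_*` suites and CBC suites with SHA-1 MACs such as `TLS_DHE_RSA_WITH_AES_128_CBC_SHA`, none of which that cipher string would allow, and both protocol sections report `cipher preference: client`. State which configuration the service on port 444 was running when it was scanned, or replace the output with a scan taken after the example is applied, so readers do not take this list as the expected result. The `least strength: A` line reflects only nmap's strength grades and still covers the static-RSA suites, which give no forward secrecy, so it should not be presented as confirmation of the hardened setting. Consider trimming the shell prompt hostname, IP address and rDNS line, which the example does not need.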