[ZendTo] Debian + ZendTo + SSL

Joao Alexandre jalexandre1964 at gmail.com
Thu Jul 5 13:57:50 BST 2012


Hi All,

Our ZendTo server has been audited for security reasons and,
congratulations to Jules, the code seems secure with apparently no
problems.

One thing that I had to do regarding Apache, and to make it
invulnerable to "BEAST attack", was to add the following lines to the
ssl configuration:

SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

https://community.qualys.com/blogs/securitylabs/2011/10/17/mitigating-the-beast-attack-on-tls

Hope this helps someone.

Regards,

J.


More information about the ZendTo mailing list