Analysis: The Default httpd.conf configuration files support SSLv2 with various encryption algorithms. The configuration can be changed as follows (from CC Installation Guide):

1. Open the file WebServer/conf/httpd.conf in a text editor
2. To restrict ciphersuite and Secure Transport Protocol in the httpd.conf file, alter all three occurrences of the SSLCipherSuite configuration option value as follows:
   2.1 Locate the line:
       SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL
       Note: There are three occurrences of the above text: one for each of the Enrollment, Administration, and Renewal Servers.
   2.2 Modify it to:
       SSLCipherSuite DES-CBC3-SHA
   2.3 On a new line under each altered SSLCipherSuite, add the SSLProtocol configuration option and value:
       SSLProtocol +TLSv1
3. Save the httpd.conf file
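
A check for the procedure above, written as an added example (not code from the CC Installation Guide or the product): it confirms that all three SSLCipherSuite occurrences were changed and that each is followed directly by SSLProtocol +TLSv1. The function name, the sample configuration and its section comments are assumptions made for illustration.

```python
import sys

EXPECTED_CIPHER = "DES-CBC3-SHA"   # value from step 2.2
EXPECTED_PROTOCOL = "+TLSv1"       # value from step 2.3
EXPECTED_OCCURRENCES = 3           # Enrollment, Administration, Renewal

# Constructed sample, not the product's real httpd.conf: only the first
# server section has been fully edited.
SAMPLE = """\
# Enrollment Server
SSLCipherSuite DES-CBC3-SHA
SSLProtocol +TLSv1
# Administration Server
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:SSLv2:+EXP:+eNULL
# Renewal Server
SSLCipherSuite DES-CBC3-SHA
"""

def audit_httpd_conf(text):
    """Return (line_number, problem) tuples; an empty list means compliant."""
    # Active directives only: skip blank lines and comments, keep line numbers.
    directives = []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("#"):
            directives.append((num, line.split(None, 1)))
    findings, suites = [], 0
    for i, (num, parts) in enumerate(directives):
        if parts[0].lower() != "sslciphersuite":  # names are case-insensitive
            continue
        suites += 1
        value = parts[1].strip() if len(parts) > 1 else ""
        if value != EXPECTED_CIPHER:
            findings.append((num, "SSLCipherSuite is still %r" % value))
        # Step 2.3: the directive right under it must be SSLProtocol +TLSv1.
        nxt = directives[i + 1][1] if i + 1 < len(directives) else [""]
        if (nxt[0].lower(), nxt[-1].strip()) != ("sslprotocol", EXPECTED_PROTOCOL):
            findings.append((num, "not followed by SSLProtocol +TLSv1"))
    if suites != EXPECTED_OCCURRENCES:
        # Line 0 marks a finding about the file as a whole.
        findings.append((0, "found %d SSLCipherSuite lines, expected 3" % suites))
    return findings

if __name__ == "__main__":
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, problem in audit_httpd_conf(conf):
        print("line %d: %s" % (line_no, problem))
```

Run it with the path to WebServer/conf/httpd.conf as the only argument; no output means every occurrence matches the procedure.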