Skip to main content
Unix & Linux

Return to Answer

Yeah, it's trivial, but the commands won't work as entered...
Source Link
edit approved Mar 23, 2016 at 14:34
Auspex
edit approved Mar 23, 2016 at 14:34
Auspex
  • 485
  • 3
  • 13

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respositoryrepository ppa:ppa:ondrej/apache2 #corrected apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

SSLOpenSSLConfCmd Curves secp384r1

If you want more then one curve:

SSLOpenSSLConfCmd Curves secp384r1:secp521r1

Then bump the service:

service apache2 restart

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respository ppa:ppa:ondrej/apache2 apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

SSLOpenSSLConfCmd Curves secp384r1

If you want more then one curve:

SSLOpenSSLConfCmd Curves secp384r1:secp521r1

Then bump the service:

service apache2 restart

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-repository ppa:ondrej/apache2 #corrected apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

SSLOpenSSLConfCmd Curves secp384r1

If you want more then one curve:

SSLOpenSSLConfCmd Curves secp384r1:secp521r1

Then bump the service:

service apache2 restart
added more config options
Source Link
EagleEye208
EagleEye208
  • 141
  • 5

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respository ppa:ppa:ondrej/apache2 apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

SSLOpenSSLConfCmd Curves secp384r1

If you want more then one curve:

SSLOpenSSLConfCmd Curves secp384r1:secp521r1

Then bump the service:

service apache2 restart

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respository ppa:ppa:ondrej/apache2 apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

SSLOpenSSLConfCmd Curves secp384r1

Then bump the service:

service apache2 restart

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respository ppa:ppa:ondrej/apache2 apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

SSLOpenSSLConfCmd Curves secp384r1

If you want more then one curve:

SSLOpenSSLConfCmd Curves secp384r1:secp521r1

Then bump the service:

service apache2 restart
deleted 8 characters in body
Source Link
Jakuje
Jakuje
  • 21.9k
  • 7
  • 56
  • 74

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respository ppa:ppa:ondrej/apache2 apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

 SSLOpenSSLConfCmd Curves secp384r1

Then bump the service:

 service apache2 restart

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respository ppa:ppa:ondrej/apache2 apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

 SSLOpenSSLConfCmd Curves secp384r1

Then bump the service:

 service apache2 restart

  1. DH Parameters - This only applies if you plan to use a DHE_RSA_<insert cipher here>. If you do not plan to use any of those ciphers, the point is moot

  2. EC Params - You are required to upgrade to Apache 2.4.8 or greater and have OpenSSL 1.0.2 or greater. Neither of which come in Ubuntu 14.04.x. You will need to do:

    apt-add-respository ppa:ppa:ondrej/apache2 apt-get update apt-get upgrade openssl apt-get upgrade apache2

Once you are on latest Apache2 and OpenSSL libraries, you can update EC ciphers by adding the following line inside your <VirtualHost *:443> container:

SSLOpenSSLConfCmd Curves secp384r1

Then bump the service:

service apache2 restart
Source Link
EagleEye208
EagleEye208
  • 141
  • 5