[Ach] SSL for limited user groups
Robert M. Albrecht
lists at romal.org
Thu Jan 1 13:26:15 CET 2015
Hi,
I'm running my own Owncloud installation. Owncloud is running ontop of
CentOS7 and Apache.
I used your PDF file to configure Apaches mod_ssl. Thank your all for
that work !
Since I know exactly which operating systems, which browser and tools I
use to connect I can cut much SSL stuff and have stoppped with:
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite
'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:!CAMELLIA128:!AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:'
This works with Ownclouds desktop sync clients, recent Browsers, Mac OSX
caldav & carddav, Android 5 davdroid and with Gnome 3 integrated
Owncloud support.
I get a Qualys SSL lab score of A+ with four times 100%.
Bottom line:
I'm no expert in webhosting, but your SSL setup is likely targeted to
balance compatibility & security for general SSL masshosting for unkown
users.
But in limited user groups the recommendations may be much stronger.
If you are interesseted, I can write some text for the PDF which you
might include.
Or are limited / closed user groups out of your scope ?
cu romal
More information about the Ach
mailing list