====== Secure web server ======

First, check the security of your web server with the [[https://www.ssllabs.com/ssltest/index.html|SSL Server Test]]. After that, you can start fixing your security problems.

===== Disabling SSL 3.0 in mod_ssl =====

To mitigate the SSL 3.0 vulnerability as it affects httpd using mod_ssl, set the SSLProtocol directive as follows in /etc/httpd/conf.d/ssl.conf.

Note: This directive must either be located at the topmost level of the configuration file, or inside the default virtual host configuration for an address.

==== Option 1: Disable SSLv2 and SSLv3 (Enable everything except SSLv2 and SSLv3) ====

  SSLProtocol All -SSLv2 -SSLv3

Then restart httpd:

  # service httpd restart

==== Option 2: Disable everything except TLSv1.x ====

On Red Hat Enterprise Linux 7 or Red Hat Enterprise Linux 6.6 and later:

  SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

On other platforms, including Red Hat Enterprise Linux 5:

  SSLProtocol -All +TLSv1

Then restart httpd:

  # service httpd restart
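
To confirm that an SSLProtocol line really leaves SSLv2 and SSLv3 off, the following added example (not part of the original page) evaluates each directive the way mod_ssl does, token by token from left to right, and reports lines that still enable a weak protocol. The function names and the sample configuration are constructed for illustration, and the expansion of ''All'' to the five protocols named on this page is an assumption, since its real meaning depends on the httpd/OpenSSL build.

```python
import re

# Assumption: "All" expands to every protocol named on this page; what it
# really covers depends on the httpd/OpenSSL build.
ALL = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")
WEAK = {"SSLv2", "SSLv3"}
CANON = {p.lower(): p for p in ALL}

def effective_protocols(args):
    """Apply tokens left to right: +X adds, -X removes, bare X replaces."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name != "all" and name not in CANON:
            raise ValueError(f"unknown protocol {token!r}")
        group = set(ALL) if name == "all" else {CANON[name]}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def audit(conf_text):
    """Return (line number, weak protocols) per directive that keeps them on."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+?)\s*$", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#' and never match
            weak = effective_protocols(m.group(1)) & WEAK
            if weak:
                findings.append((lineno, sorted(weak)))
    return findings

# Constructed sample, not a real ssl.conf
SAMPLE_CONF = """\
# SSLProtocol All
SSLProtocol All -SSLv2
<VirtualHost _default_:443>
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

To audit a real server, pass the contents of /etc/httpd/conf.d/ssl.conf to ''audit()'' instead of the sample; an empty result means no SSLProtocol line in that file enables SSLv2 or SSLv3.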