Changing SSL / TLS in Apache for better security on HP-UX 11.11

 
JDR45
Frequent Advisor


I'm not an Apache expert, so I apologize in advance if I leave out any important details.  Several of the HP-UX 11.11 servers I support do some behind-the-scenes connections to a webserver.  A different team is increasing the security on that webserver by disabling SSLv3 traffic.  They want to move on to TLS 1.2.

So I was told to disable SSLv3 on the 11.11 servers by adding this line to the /extra/httpd-ssl.conf file:

SSLProtocol -all +TLSv1.2

or maybe

SSLProtocol all -SSLv2 -SSLv3

But so far I haven't been able to find the extra/httpd-ssl.conf file.

In /opt/hpws/apache/conf there are several promising looking files going back to 2005 - 2007, like httpd.conf, ssl-std.conf, ssl.conf, and httpd-std.conf.  I read through all of those files, but I've never read through them before, and nothing jumped out at me as a good place to mess with adding or removing SSL Protocols.

Although this looks somewhat promising, in ssl.conf:

SSLCipherSuite !ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

I went to /opt/hpws/apache/bin and ran ./apachectl -v and the HP-UX 11.11 server is running Apache 2.0.58.  And we have OpenSSL 0.9.7 from 2004.

Yep, lots of older software and hardware :)

Any advice on what file to edit so the HP-UX servers will disable SSLv3 / TLSv1.0 and force the use of the more secure TLSv1.1 or TLSv1.2?

Thanks in advance.  Hope that made some sense!
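
An added example, not part of the original post: a POSIX shell function that searches a configuration directory for active SSLProtocol and SSLCipherSuite directives, reports the file and line of each, and flags SSLv2/SSLv3 left enabled as well as cipher-string tokens that name a weak class without excluding it. The function name `audit_ssl_conf`, the weak-keyword list and the `*.conf` file pattern are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): find active mod_ssl protocol and
# cipher directives under a config directory and flag weak settings.

# OpenSSL cipher-string keywords this check treats as weak (assumed list).
WEAK='^(SSLv2|EXP|EXPORT|EXPORT40|EXPORT56|eNULL|NULL|aNULL|ADH|LOW|RC4)$'

# audit_ssl_conf DIR
# Prints "FOUND file:line: <directive>" for each uncommented SSLProtocol or
# SSLCipherSuite line, followed by "WEAK ..." lines for what it leaves enabled.
audit_ssl_conf() {
    find "$1" -type f -name '*.conf' | sort | while read -r f; do
        awk -v file="$f" -v weak="$WEAK" '
        /^[ \t]*#/ { next }                       # ignore commented-out lines
        tolower($1) == "sslprotocol" {
            print "FOUND " file ":" NR ": " $0
            v2 = 0; v3 = 0
            for (i = 2; i <= NF; i++) {           # tokens apply left to right
                t = $i; on = (t !~ /^-/); sub(/^[+-]/, "", t)
                t = tolower(t)
                if (t == "all" || t == "sslv2") v2 = on
                if (t == "all" || t == "sslv3") v3 = on
            }
            if (v2) print "WEAK " file ":" NR ": protocol SSLv2 enabled"
            if (v3) print "WEAK " file ":" NR ": protocol SSLv3 enabled"
        }
        tolower($1) == "sslciphersuite" {
            print "FOUND " file ":" NR ": " $0
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^[!-]/) continue    # exclusions are fine
                t = tok[i]; sub(/^\+/, "", t)
                m = split(t, part, "+")           # A+B means "A and B"
                for (j = 1; j <= m; j++)
                    if (part[j] ~ weak) {
                        print "WEAK " file ":" NR ": cipher token " tok[i]
                        break
                    }
            }
        }' "$f"
    done
}

# Run against a directory given on the command line, if any.
if [ $# -gt 0 ]; then audit_ssl_conf "$1"; fi
```

Saved as a script, it takes the directory as its only argument, for example /opt/hpws/apache/conf from the post above.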