HPE Community
Operating System - HP-UX
1820695 Members
3515 Online
109627 Solutions
New Discussion

Changing SSL / TSL in Apache for better security on HP-UX 11.11

 
JDR45
Frequent Advisor

‎05-22-2018 09:52 AM

‎05-22-2018 09:52 AM

Changing SSL / TSL in Apache for better security on HP-UX 11.11

I'm not an apache expert, so I apologize in advance if I leave out any important details.  Several of the HP-UX 11.11 servers I support do some behind the scenes connections to a webserver.  A different team is increasing the security on that webserver by disabling SSLv3 traffic.  They want to move on to TLS 1.2.

So I was told to disable SSLv3 on the 11.11 servers by adding this line to /extra/httpd-ssl.conf file-

SSLProtocol -all +TLSv1.2

or maybe

SSLProtocol all -SSLv2 -SSLv3

But so far I haven't been able to find the extra/httpd-ssl.conf file.

In /opt/hpws/apache/conf there are several promising looking files going back to 2005 - 2007, like httpd.conf, ssl-std.conf, ssl.conf, and httpd-std.conf.  I read through all of those files, but I've never read through them before, and nothing jumped out at me as a good place to mess with adding or removing SSL Protocols.

 Although this looks somewhat promising, in ssl.conf-

SSLCipherSuite !ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

I went to /opt/hpws/apache/bin and ran ./apachectl -v and the HP-UX 11.11 server is running Apache 2.0.58.  And we have OpenSSL 0.9.7 from 2004.

Yep, lots of older software and hardware :)

Any advice on what file to edit so the HP-UX servers will disable SSLv3 / TLSv1.0 and force the use of the more secure TLSv1.1 or TLSv1.2?

Thanks in advance.  Hope that made some sense!

 

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.