*** I would advise anyone who reads this not to blindly apply configuration changes on their servers ***
My server is on CentOS 5.11 and has OpenSSL 0.9.8e.
If I apply the changes put out by cPanel for Apache:
Code:
SSLHonorCipherOrder On
SSLProtocol All -SSLv2 -SSLv3
Then sure, browsers are now always connecting using TLS and I get a pretty score on the sslabs test.
However, 2 major issues arose:
1. PayPal IPN pings towards my server are no longer coming through. It appears PayPal is unable to do a correct handshake with my server after this change. I don't blame them, it's most likely due to the OpenSSL version in CentOS 5.
2. A simple wget using https to my server now fails. Try this:
Code:
root@server [~]# wget -O /dev/null https://domain.com
--2014-10-18 12:41:52-- https://domain.com
Resolving domain.com... 1.2.3.4
Connecting to domain.com|1.2.3.4|:443... connected.
Unable to establish SSL connection.
Some better instructions for CentOS 5.X that also cover the above situations would be greatly appreciated...