Re: [users@httpd] TLS1.2
curl has similar parameters to test different SSL protocols. 2017-05-17 13:26 GMT+02:00 ANKIT PALRECHA: > Hi Daniel, > > Thanks for your suggestion. > > Yes I have default Apache installation in one of my software component. > Apache with Tomcat. > > And installation went well and also application running fine. > > > What else we can check to know openssl support tls1.2? > > > Thanks > > Ankit Jain > +91-9741336404 > > On Wed, May 17, 2017 at 4:53 PM, Daniel wrote: >> >> Make sure your openssl installation is correct. >> >> 2017-05-17 13:11 GMT+02:00 ANKIT PALRECHA : >> > Hi Daniel, >> > >> > I see below message when I query: >> > >> > C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect IP:443 >> > WARNING: can't open config file: >> > c:\openSSL_102g\compileBin/ssl/openssl.cnf >> > connect: No such file or directory >> > connect:errno=0 >> > >> > >> > Thanks >> > >> > >> > >> > Ankit Jain >> > +91-9741336404 >> > >> > On Wed, May 17, 2017 at 4:24 PM, Daniel wrote: >> >> >> >> just use openssl to query your server >> >> >> >> hint: openssl s_client -tls1 -connect ip:port >> >> >> >> 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA : >> >> > Hello Marat, >> >> > >> >> > Thanks for your response, but it is internal and not Public facing. >> >> > >> >> > >> >> > >> >> > >> >> > Ankit Jain >> >> > +91-9741336404 >> >> > >> >> > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili wrote: >> >> >> >> >> >> And, for completeness, if your server is public-facing (no pages >> >> >> need >> >> >> to >> >> >> be available, being able to connect is enough): >> >> >> https://www.ssllabs.com/ssltest/ >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> >> With Best Regards, >> >> >> Marat Khalili >> >> >> >> >> >> On 16/05/17 22:04, ANKIT PALRECHA wrote: >> >> >> >> >> >> Hello Team, >> >> >> >> >> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2? >> >> >> >> >> >> >> >> >> This is bundled with openssl? >> >> >> >> >> >> >> >> >> Please share detail on tls , how to test? >> >> >> >> >> >> Thanks >> >> >> Ankit Jain >> >> >> +91-9741336404 >> >> >> >> >> >> >> >> > >> >> >> >> >> >> >> >> -- >> >> Daniel Ferradal >> >> IT Specialist >> >> >> >> email dferradal at gmail.com >> >> linkedin es.linkedin.com/in/danielferradal >> >> >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> >> For additional commands, e-mail: users-h...@httpd.apache.org >> >> >> > >> >> >> >> -- >> Daniel Ferradal >> IT Specialist >> >> email dferradal at gmail.com >> linkedin es.linkedin.com/in/danielferradal >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] TLS1.2
Hi Daniel, Thanks for your suggestion. Yes I have default Apache installation in one of my software component. Apache with Tomcat. And installation went well and also application running fine. What else we can check to know openssl support tls1.2? Thanks Ankit Jain +91-9741336404 On Wed, May 17, 2017 at 4:53 PM, Danielwrote: > Make sure your openssl installation is correct. > > 2017-05-17 13:11 GMT+02:00 ANKIT PALRECHA : > > Hi Daniel, > > > > I see below message when I query: > > > > C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect IP:443 > > WARNING: can't open config file: c:\openSSL_102g\compileBin/ > ssl/openssl.cnf > > connect: No such file or directory > > connect:errno=0 > > > > > > Thanks > > > > > > > > Ankit Jain > > +91-9741336404 > > > > On Wed, May 17, 2017 at 4:24 PM, Daniel wrote: > >> > >> just use openssl to query your server > >> > >> hint: openssl s_client -tls1 -connect ip:port > >> > >> 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA : > >> > Hello Marat, > >> > > >> > Thanks for your response, but it is internal and not Public facing. > >> > > >> > > >> > > >> > > >> > Ankit Jain > >> > +91-9741336404 > >> > > >> > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili wrote: > >> >> > >> >> And, for completeness, if your server is public-facing (no pages need > >> >> to > >> >> be available, being able to connect is enough): > >> >> https://www.ssllabs.com/ssltest/ > >> >> > >> >> > >> >> -- > >> >> > >> >> With Best Regards, > >> >> Marat Khalili > >> >> > >> >> On 16/05/17 22:04, ANKIT PALRECHA wrote: > >> >> > >> >> Hello Team, > >> >> > >> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2? > >> >> > >> >> > >> >> This is bundled with openssl? > >> >> > >> >> > >> >> Please share detail on tls , how to test? > >> >> > >> >> Thanks > >> >> Ankit Jain > >> >> +91-9741336404 > >> >> > >> >> > >> > > >> > >> > >> > >> -- > >> Daniel Ferradal > >> IT Specialist > >> > >> email dferradal at gmail.com > >> linkedin es.linkedin.com/in/danielferradal > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > >> For additional commands, e-mail: users-h...@httpd.apache.org > >> > > > > > > -- > Daniel Ferradal > IT Specialist > > email dferradal at gmail.com > linkedin es.linkedin.com/in/danielferradal > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] TLS1.2
Make sure your openssl installation is correct. 2017-05-17 13:11 GMT+02:00 ANKIT PALRECHA: > Hi Daniel, > > I see below message when I query: > > C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect IP:443 > WARNING: can't open config file: c:\openSSL_102g\compileBin/ssl/openssl.cnf > connect: No such file or directory > connect:errno=0 > > > Thanks > > > > Ankit Jain > +91-9741336404 > > On Wed, May 17, 2017 at 4:24 PM, Daniel wrote: >> >> just use openssl to query your server >> >> hint: openssl s_client -tls1 -connect ip:port >> >> 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA : >> > Hello Marat, >> > >> > Thanks for your response, but it is internal and not Public facing. >> > >> > >> > >> > >> > Ankit Jain >> > +91-9741336404 >> > >> > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili wrote: >> >> >> >> And, for completeness, if your server is public-facing (no pages need >> >> to >> >> be available, being able to connect is enough): >> >> https://www.ssllabs.com/ssltest/ >> >> >> >> >> >> -- >> >> >> >> With Best Regards, >> >> Marat Khalili >> >> >> >> On 16/05/17 22:04, ANKIT PALRECHA wrote: >> >> >> >> Hello Team, >> >> >> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2? >> >> >> >> >> >> This is bundled with openssl? >> >> >> >> >> >> Please share detail on tls , how to test? >> >> >> >> Thanks >> >> Ankit Jain >> >> +91-9741336404 >> >> >> >> >> > >> >> >> >> -- >> Daniel Ferradal >> IT Specialist >> >> email dferradal at gmail.com >> linkedin es.linkedin.com/in/danielferradal >> >> - >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> > -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] TLS1.2
Hi Daniel, I see below message when I query: C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect IP:443 WARNING: can't open config file: c:\openSSL_102g\compileBin/ssl/openssl.cnf connect: No such file or directory connect:errno=0 Thanks Ankit Jain +91-9741336404 On Wed, May 17, 2017 at 4:24 PM, Danielwrote: > just use openssl to query your server > > hint: openssl s_client -tls1 -connect ip:port > > 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA : > > Hello Marat, > > > > Thanks for your response, but it is internal and not Public facing. > > > > > > > > > > Ankit Jain > > +91-9741336404 > > > > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili wrote: > >> > >> And, for completeness, if your server is public-facing (no pages need to > >> be available, being able to connect is enough): > >> https://www.ssllabs.com/ssltest/ > >> > >> > >> -- > >> > >> With Best Regards, > >> Marat Khalili > >> > >> On 16/05/17 22:04, ANKIT PALRECHA wrote: > >> > >> Hello Team, > >> > >> Any idea how can we test if apache supports TLS1.1 and TLS1.2? > >> > >> > >> This is bundled with openssl? > >> > >> > >> Please share detail on tls , how to test? > >> > >> Thanks > >> Ankit Jain > >> +91-9741336404 > >> > >> > > > > > > -- > Daniel Ferradal > IT Specialist > > email dferradal at gmail.com > linkedin es.linkedin.com/in/danielferradal > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
Re: [users@httpd] TLS1.2
just use openssl to query your server hint: openssl s_client -tls1 -connect ip:port 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA: > Hello Marat, > > Thanks for your response, but it is internal and not Public facing. > > > > > Ankit Jain > +91-9741336404 > > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili wrote: >> >> And, for completeness, if your server is public-facing (no pages need to >> be available, being able to connect is enough): >> https://www.ssllabs.com/ssltest/ >> >> >> -- >> >> With Best Regards, >> Marat Khalili >> >> On 16/05/17 22:04, ANKIT PALRECHA wrote: >> >> Hello Team, >> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2? >> >> >> This is bundled with openssl? >> >> >> Please share detail on tls , how to test? >> >> Thanks >> Ankit Jain >> +91-9741336404 >> >> > -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] TLS1.2
Hello Marat, Thanks for your response, but it is internal and not Public facing. Ankit Jain +91-9741336404 On Wed, May 17, 2017 at 2:00 PM, Marat Khaliliwrote: > And, for completeness, if your server is public-facing (no pages need to > be available, being able to connect is enough): https://www.ssllabs.com/ > ssltest/ > > -- > > With Best Regards, > Marat Khalili > > On 16/05/17 22:04, ANKIT PALRECHA wrote: > > Hello Team, > > Any idea how can we test if apache supports TLS1.1 and TLS1.2? > > > This is bundled with openssl? > > > Please share detail on tls , how to test? > > Thanks > Ankit Jain > +91-9741336404 > > >
Re: [users@httpd] TLS1.2
Hi Akshar, nmap is not present ,hence unable to run that query you gave. Do we have any other option to validate this? I have Apache version: Server version: Apache/2.4.18 (Win32) Thanks Ankit Jain +91-9741336404 On Wed, May 17, 2017 at 1:30 PM, Akshar Kanakwrote: > Hi >After making the configuration in ssl.conf , you can use nmap script to > check if HTTPS server is actually supporting it or not . > > https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html > > Thanks and regards > Akshar > > On Wed, May 17, 2017 at 12:34 AM, ANKIT PALRECHA > wrote: > >> Hello Team, >> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2? >> >> >> This is bundled with openssl? >> >> >> Please share detail on tls , how to test? >> >> Thanks >> Ankit Jain >> +91-9741336404 >> > >
Re: [users@httpd] TLS1.2
And, for completeness, if your server is public-facing (no pages need to be available, being able to connect is enough): https://www.ssllabs.com/ssltest/ -- With Best Regards, Marat Khalili On 16/05/17 22:04, ANKIT PALRECHA wrote: Hello Team, Any idea how can we test if apache supports TLS1.1 and TLS1.2? This is bundled with openssl? Please share detail on tls , how to test? Thanks Ankit Jain +91-9741336404
Re: [users@httpd] TLS1.2
Hi After making the configuration in ssl.conf , you can use nmap script to check if HTTPS server is actually supporting it or not . https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html Thanks and regards Akshar On Wed, May 17, 2017 at 12:34 AM, ANKIT PALRECHAwrote: > Hello Team, > > Any idea how can we test if apache supports TLS1.1 and TLS1.2? > > > This is bundled with openssl? > > > Please share detail on tls , how to test? > > Thanks > Ankit Jain > +91-9741336404 >
RE: [users@httpd] TLS1.2
Turn off SSLv3 and TLS 1.0. Borrowed config: SSLEngine on SSLCertificateFile "/etc/httpd/certs/facultyrecruitingqa_northwestern_edu_cert.cer" SSLCertificateKeyFile "/etc/httpd/certs/key.pem" # "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration # Generator as of August 2016. This tool is available at # https://mozilla.github.io/server-side-tls/ssl-config-generator/ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some # require OpenSSL 1.1.0, which as of this writing was in pre-release. SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCompression off Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;" Darryl Baker Sr. System Administrator Northwestern | Information Technology www.it.northwestern.edu From: ANKIT PALRECHA [mailto:ankyt.palre...@gmail.com] Sent: May 16, 2017 2:05 PM To: users@httpd.apache.org Subject: [users@httpd] TLS1.2 Hello Team, Any idea how can we test if apache supports TLS1.1 and TLS1.2? This is bundled with openssl? Please share detail on tls , how to test? Thanks Ankit Jain +91-9741336404
Re: [users@httpd] TLS1.2
HTTPD will support it if OpenSSL supports it. 2017-05-16 21:04 GMT+02:00 ANKIT PALRECHA: > Hello Team, > > Any idea how can we test if apache supports TLS1.1 and TLS1.2? > > > This is bundled with openssl? > > > Please share detail on tls , how to test? > > Thanks > Ankit Jain > +91-9741336404 -- Daniel Ferradal IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] TLS1.2
Hello Team, Any idea how can we test if apache supports TLS1.1 and TLS1.2? This is bundled with openssl? Please share detail on tls , how to test? Thanks Ankit Jain +91-9741336404