Re: [users@httpd] TLS1.2

2017-05-17 Thread Daniel
curl has similar parameters to test different SSL protocols.

2017-05-17 13:26 GMT+02:00 ANKIT PALRECHA :
> Hi Daniel,
>
> Thanks for your suggestion.
>
> Yes I have default Apache installation in one of my software component.
> Apache with Tomcat.
>
> And installation went well and also application running fine.
>
>
> What else we can check to know openssl support tls1.2?
>
>
> Thanks
>
> Ankit Jain
> +91-9741336404
>
> On Wed, May 17, 2017 at 4:53 PM, Daniel  wrote:
>>
>> Make sure your openssl installation is correct.
>>
>> 2017-05-17 13:11 GMT+02:00 ANKIT PALRECHA :
>> > Hi Daniel,
>> >
>> > I see below message when I query:
>> >
>> > C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect  IP:443
>> > WARNING: can't open config file: c:\openSSL_102g\compileBin/ssl/openssl.cnf
>> > connect: No such file or directory
>> > connect:errno=0
>> >
>> >
>> > Thanks
>> >
>> >
>> >
>> > Ankit Jain
>> > +91-9741336404
>> >
>> > On Wed, May 17, 2017 at 4:24 PM, Daniel  wrote:
>> >>
>> >> just use openssl to query your server
>> >>
>> >> hint: openssl s_client -tls1 -connect ip:port
>> >>
>> >> 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA :
>> >> > Hello Marat,
>> >> >
>> >> > Thanks for your response, but it is internal and not Public facing.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > Ankit Jain
>> >> > +91-9741336404
>> >> >
>> >> > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili  wrote:
>> >> >>
>> >> >> And, for completeness, if your server is public-facing (no pages need to
>> >> >> be available, being able to connect is enough):
>> >> >> https://www.ssllabs.com/ssltest/
>> >> >>
>> >> >>
>> >> >> --
>> >> >>
>> >> >> With Best Regards,
>> >> >> Marat Khalili
>> >> >>
>> >> >> On 16/05/17 22:04, ANKIT PALRECHA wrote:
>> >> >>
>> >> >> Hello Team,
>> >> >>
>> >> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
>> >> >>
>> >> >>
>> >> >> This is bundled with openssl?
>> >> >>
>> >> >>
>> >> >> Please share detail on tls , how to test?
>> >> >>
>> >> >> Thanks
>> >> >> Ankit Jain
>> >> >> +91-9741336404
>> >> >>
>> >> >>
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Daniel Ferradal
>> >> IT Specialist
>> >>
>> >> email dferradal at gmail.com
>> >> linkedin es.linkedin.com/in/danielferradal
>> >>
>> >> -
>> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> >> For additional commands, e-mail: users-h...@httpd.apache.org
>> >>
>> >
>>
>>
>>
>> --
>> Daniel Ferradal
>> IT Specialist
>>
>> email dferradal at gmail.com
>> linkedin es.linkedin.com/in/danielferradal
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>



-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal

-
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



Re: [users@httpd] TLS1.2

2017-05-17 Thread ANKIT PALRECHA
Hi Daniel,

Thanks for your suggestion.

Yes I have default Apache installation in one of my software component.
Apache with Tomcat.

And installation went well and also application running fine.


What else we can check to know openssl support tls1.2?


Thanks

Ankit Jain
+91-9741336404

On Wed, May 17, 2017 at 4:53 PM, Daniel  wrote:

> Make sure your openssl installation is correct.
>
> 2017-05-17 13:11 GMT+02:00 ANKIT PALRECHA :
> > Hi Daniel,
> >
> > I see below message when I query:
> >
> > C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect  IP:443
> > WARNING: can't open config file: c:\openSSL_102g\compileBin/ssl/openssl.cnf
> > connect: No such file or directory
> > connect:errno=0
> >
> >
> > Thanks
> >
> >
> >
> > Ankit Jain
> > +91-9741336404
> >
> > On Wed, May 17, 2017 at 4:24 PM, Daniel  wrote:
> >>
> >> just use openssl to query your server
> >>
> >> hint: openssl s_client -tls1 -connect ip:port
> >>
> >> 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA :
> >> > Hello Marat,
> >> >
> >> > Thanks for your response, but it is internal and not Public facing.
> >> >
> >> >
> >> >
> >> >
> >> > Ankit Jain
> >> > +91-9741336404
> >> >
> >> > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili  wrote:
> >> >>
> >> >> And, for completeness, if your server is public-facing (no pages need to
> >> >> be available, being able to connect is enough):
> >> >> https://www.ssllabs.com/ssltest/
> >> >>
> >> >>
> >> >> --
> >> >>
> >> >> With Best Regards,
> >> >> Marat Khalili
> >> >>
> >> >> On 16/05/17 22:04, ANKIT PALRECHA wrote:
> >> >>
> >> >> Hello Team,
> >> >>
> >> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
> >> >>
> >> >>
> >> >> This is bundled with openssl?
> >> >>
> >> >>
> >> >> Please share detail on tls , how to test?
> >> >>
> >> >> Thanks
> >> >> Ankit Jain
> >> >> +91-9741336404
> >> >>
> >> >>
> >> >
> >>
> >>
> >>
> >> --
> >> Daniel Ferradal
> >> IT Specialist
> >>
> >> email dferradal at gmail.com
> >> linkedin es.linkedin.com/in/danielferradal
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> >> For additional commands, e-mail: users-h...@httpd.apache.org
> >>
> >
>
>
>
> --
> Daniel Ferradal
> IT Specialist
>
> email dferradal at gmail.com
> linkedin es.linkedin.com/in/danielferradal
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>


Re: [users@httpd] TLS1.2

2017-05-17 Thread Daniel
Make sure your openssl installation is correct.

2017-05-17 13:11 GMT+02:00 ANKIT PALRECHA :
> Hi Daniel,
>
> I see below message when I query:
>
> C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect  IP:443
> WARNING: can't open config file: c:\openSSL_102g\compileBin/ssl/openssl.cnf
> connect: No such file or directory
> connect:errno=0
>
>
> Thanks
>
>
>
> Ankit Jain
> +91-9741336404
>
> On Wed, May 17, 2017 at 4:24 PM, Daniel  wrote:
>>
>> just use openssl to query your server
>>
>> hint: openssl s_client -tls1 -connect ip:port
>>
>> 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA :
>> > Hello Marat,
>> >
>> > Thanks for your response, but it is internal and not Public facing.
>> >
>> >
>> >
>> >
>> > Ankit Jain
>> > +91-9741336404
>> >
>> > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili  wrote:
>> >>
>> >> And, for completeness, if your server is public-facing (no pages need to
>> >> be available, being able to connect is enough):
>> >> https://www.ssllabs.com/ssltest/
>> >>
>> >>
>> >> --
>> >>
>> >> With Best Regards,
>> >> Marat Khalili
>> >>
>> >> On 16/05/17 22:04, ANKIT PALRECHA wrote:
>> >>
>> >> Hello Team,
>> >>
>> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
>> >>
>> >>
>> >> This is bundled with openssl?
>> >>
>> >>
>> >> Please share detail on tls , how to test?
>> >>
>> >> Thanks
>> >> Ankit Jain
>> >> +91-9741336404
>> >>
>> >>
>> >
>>
>>
>>
>> --
>> Daniel Ferradal
>> IT Specialist
>>
>> email dferradal at gmail.com
>> linkedin es.linkedin.com/in/danielferradal
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>



-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal




Re: [users@httpd] TLS1.2

2017-05-17 Thread ANKIT PALRECHA
Hi Daniel,

I see below message when I query:

C:\CA\secure-proxy\httpd\bin>openssl s_client -tls1 -connect  IP:443
WARNING: can't open config file: c:\openSSL_102g\compileBin/ssl/openssl.cnf
connect: No such file or directory
connect:errno=0


Thanks



Ankit Jain
+91-9741336404

On Wed, May 17, 2017 at 4:24 PM, Daniel  wrote:

> just use openssl to query your server
>
> hint: openssl s_client -tls1 -connect ip:port
>
> 2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA :
> > Hello Marat,
> >
> > Thanks for your response, but it is internal and not Public facing.
> >
> >
> >
> >
> > Ankit Jain
> > +91-9741336404
> >
> > On Wed, May 17, 2017 at 2:00 PM, Marat Khalili  wrote:
> >>
> >> And, for completeness, if your server is public-facing (no pages need to
> >> be available, being able to connect is enough):
> >> https://www.ssllabs.com/ssltest/
> >>
> >>
> >> --
> >>
> >> With Best Regards,
> >> Marat Khalili
> >>
> >> On 16/05/17 22:04, ANKIT PALRECHA wrote:
> >>
> >> Hello Team,
> >>
> >> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
> >>
> >>
> >> This is bundled with openssl?
> >>
> >>
> >> Please share detail on tls , how to test?
> >>
> >> Thanks
> >> Ankit Jain
> >> +91-9741336404
> >>
> >>
> >
>
>
>
> --
> Daniel Ferradal
> IT Specialist
>
> email dferradal at gmail.com
> linkedin es.linkedin.com/in/danielferradal
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org
>
>
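Added example, not part of any message in this thread: a small wrapper around the `openssl s_client -tls1 -connect ip:port` check that tries each protocol flag and tells a failed TCP connect (the `connect:errno=` output quoted above) apart from a refused handshake. It assumes the OpenSSL 1.0.2-style `SSL-Session` output layout; the function names, the constructed samples and the 192.0.2.10 address are placeholders.

```shell
# Added example (not from the thread). Reads s_client output on stdin, prints:
#   tcp-failed | handshake-failed | ok:<protocol>:<cipher> | unknown
classify_s_client() {
    out=$(tr -d '\r')
    # "connect:errno=" means the TCP connect failed; no TLS handshake was tried.
    case "$out" in *connect:errno=*) echo "tcp-failed"; return 0 ;; esac
    proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
    case "$cipher" in
        "")            echo "unknown" ;;
        0000|"(NONE)") echo "handshake-failed" ;;   # no cipher was negotiated
        *)             echo "ok:$proto:$cipher" ;;
    esac
}

# Probe host:port with each protocol flag (needs network access).
probe_tls_versions() {
    for flag in -tls1 -tls1_1 -tls1_2; do
        verdict=$(openssl s_client "$flag" -connect "$1" </dev/null 2>&1 | classify_s_client)
        printf '%-8s %s\n' "$flag" "$verdict"
    done
}

# Output quoted in the thread.
sample_from_thread() { cat <<'EOF'
WARNING: can't open config file: c:\openSSL_102g\compileBin/ssl/openssl.cnf
connect: No such file or directory
connect:errno=0
EOF
}
# Constructed sample: the server accepted the offered protocol version.
sample_accepted() { cat <<'EOF'
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
EOF
}
# Constructed sample: the server refused the offered protocol version.
sample_refused() { cat <<'EOF'
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
EOF
}

[ "$#" -eq 0 ] || probe_tls_versions "$1"   # e.g. sh probe.sh 192.0.2.10:443
```

A `tcp-failed` verdict says nothing about which TLS versions the server offers; fix the host, port or reachability first and rerun.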


Re: [users@httpd] TLS1.2

2017-05-17 Thread Daniel
just use openssl to query your server

hint: openssl s_client -tls1 -connect ip:port

2017-05-17 12:04 GMT+02:00 ANKIT PALRECHA :
> Hello Marat,
>
> Thanks for your response, but it is internal and not Public facing.
>
>
>
>
> Ankit Jain
> +91-9741336404
>
> On Wed, May 17, 2017 at 2:00 PM, Marat Khalili  wrote:
>>
>> And, for completeness, if your server is public-facing (no pages need to
>> be available, being able to connect is enough):
>> https://www.ssllabs.com/ssltest/
>>
>>
>> --
>>
>> With Best Regards,
>> Marat Khalili
>>
>> On 16/05/17 22:04, ANKIT PALRECHA wrote:
>>
>> Hello Team,
>>
>> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
>>
>>
>> This is bundled with openssl?
>>
>>
>> Please share detail on tls , how to test?
>>
>> Thanks
>> Ankit Jain
>> +91-9741336404
>>
>>
>



-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal




Re: [users@httpd] TLS1.2

2017-05-17 Thread ANKIT PALRECHA
Hello Marat,

Thanks for your response, but it is internal and not Public facing.




Ankit Jain
+91-9741336404

On Wed, May 17, 2017 at 2:00 PM, Marat Khalili  wrote:

> And, for completeness, if your server is public-facing (no pages need to
> be available, being able to connect is enough): https://www.ssllabs.com/ssltest/
>
> --
>
> With Best Regards,
> Marat Khalili
>
> On 16/05/17 22:04, ANKIT PALRECHA wrote:
>
> Hello Team,
>
> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
>
>
> This is bundled with openssl?
>
>
> Please share detail on tls , how to test?
>
> Thanks
> Ankit Jain
> +91-9741336404
>
>
>


Re: [users@httpd] TLS1.2

2017-05-17 Thread ANKIT PALRECHA
Hi Akshar,

nmap is not present, hence unable to run that query you gave.

Do we have any other option to validate this?

I have Apache version: Server version: Apache/2.4.18 (Win32)


Thanks

Ankit Jain
+91-9741336404

On Wed, May 17, 2017 at 1:30 PM, Akshar Kanak 
wrote:

> Hi
> After making the configuration in ssl.conf, you can use nmap script to
> check if HTTPS server is actually supporting it or not.
>
> https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
>
> Thanks and regards
> Akshar
>
> On Wed, May 17, 2017 at 12:34 AM, ANKIT PALRECHA wrote:
>
>> Hello Team,
>>
>> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
>>
>>
>> This is bundled with openssl?
>>
>>
>> Please share detail on tls , how to test?
>>
>> Thanks
>> Ankit Jain
>> +91-9741336404
>>
>
>


Re: [users@httpd] TLS1.2

2017-05-17 Thread Marat Khalili
And, for completeness, if your server is public-facing (no pages need to 
be available, being able to connect is enough): 
https://www.ssllabs.com/ssltest/



--

With Best Regards,
Marat Khalili

On 16/05/17 22:04, ANKIT PALRECHA wrote:

Hello Team,

Any idea how can we test if apache supports TLS1.1 and TLS1.2?


This is bundled with openssl?


Please share detail on tls , how to test?

Thanks
Ankit Jain
+91-9741336404




Re: [users@httpd] TLS1.2

2017-05-17 Thread Akshar Kanak
Hi
After making the configuration in ssl.conf, you can use nmap script to
check if HTTPS server is actually supporting it or not.

https://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html

Thanks and regards
Akshar

On Wed, May 17, 2017 at 12:34 AM, ANKIT PALRECHA 
wrote:

> Hello Team,
>
> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
>
>
> This is bundled with openssl?
>
>
> Please share detail on tls , how to test?
>
> Thanks
> Ankit Jain
> +91-9741336404
>


RE: [users@httpd] TLS1.2

2017-05-16 Thread Darryl Philip Baker
Turn off SSLv3 and TLS 1.0.
Borrowed config:
SSLEngine on
SSLCertificateFile "/etc/httpd/certs/facultyrecruitingqa_northwestern_edu_cert.cer"
SSLCertificateKeyFile "/etc/httpd/certs/key.pem"
# "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration
# Generator as of August 2016. This tool is available at
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some
# require OpenSSL 1.1.0, which as of this writing was in pre-release.
SSLCipherSuite  ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression  off
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"


Darryl Baker
Sr. System Administrator
Northwestern | Information Technology
www.it.northwestern.edu

From: ANKIT PALRECHA [mailto:ankyt.palre...@gmail.com]
Sent: May 16, 2017 2:05 PM
To: users@httpd.apache.org
Subject: [users@httpd] TLS1.2

Hello Team,

Any idea how can we test if apache supports TLS1.1 and TLS1.2?


This is bundled with openssl?


Please share detail on tls , how to test?

Thanks
Ankit Jain
+91-9741336404


Re: [users@httpd] TLS1.2

2017-05-16 Thread Daniel
HTTPD will support it if OpenSSL supports it.

2017-05-16 21:04 GMT+02:00 ANKIT PALRECHA :
> Hello Team,
>
> Any idea how can we test if apache supports TLS1.1 and TLS1.2?
>
>
> This is bundled with openssl?
>
>
> Please share detail on tls , how to test?
>
> Thanks
> Ankit Jain
> +91-9741336404



-- 
Daniel Ferradal
IT Specialist

email dferradal at gmail.com
linkedin es.linkedin.com/in/danielferradal




[users@httpd] TLS1.2

2017-05-16 Thread ANKIT PALRECHA
Hello Team,

Any idea how can we test if apache supports TLS1.1 and TLS1.2?


This is bundled with openssl?


Please share detail on tls , how to test?

Thanks
Ankit Jain
+91-9741336404