An AOLserver configuration file from an old server I used to run has this
section defined:
ns_param ProtocolSSLv2, SSLv3, TLSv1
ns_param CipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
From the OpenSSL documentation:
Only enable TLSv1.2:
SSL_CONF_cmd(ctx,
By the way, ignore my CipherSuite line in there — you obviously don’t want
SSLv2, +LOW, +MEDIUM and other components - you’ll likely just want the TLS
v1.2 ciphers, which are listed here:
https://www.openssl.org/docs/apps/ciphers.html#TLS-v1.2-cipher-suites
I’m not up-to-date on proper configurations.
Just as a reference: with the ciphers and Protocol from NaviServer's
nsssl [1]
one can get an A+ rating from SSL Labs [2]. One should also get decent
ratings with these configuration values from AOLserver.
-g
[1]