2017-03-30 14:07 GMT+02:00 Abernathy, Don <daberna...@mfs.com>: > Most common way we did this was in the Virtual host directive for the SSL > side of the site, was to declare what is and is not allowed. > > Plenty of docs on this out there but here is ours: > > >
This is IBM HTTP Server not Apache HTTPD! > > > SSLEnable > > SSLProtocolDisable SSLv2 SSLv3 > > SSLCipherSpec ALL NONE > > SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 > > SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 > > SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 > > SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 > > SSLCipherSpec ALL TLS_RSA_WITH_AES_128_GCM_SHA256 > > SSLCipherSpec ALL TLS_RSA_WITH_AES_256_GCM_SHA384 > > SSLCipherSpec ALL TLS_RSA_WITH_AES_128_CBC_SHA256 > > SSLCipherSpec ALL TLS_RSA_WITH_AES_256_CBC_SHA256 > > SSLClientAuth 0 > > > > *Don Abernathy * > > *Group Manager- Web Services* > > *T:* 617-954-4127 <(617)%20954-4127> > MFS Investment Management > 111 Huntington Ave, Boston, MA 02199 > > > -- *Daniel Ferradal* IT Specialist email dferradal at gmail.com linkedin es.linkedin.com/in/danielferradal