Копипаста статьи с форума DirectAdmin. Нужно установить следующие значения в указанных файлах:

Apache

/etc/httpd/conf/extra/httpd-ssl.conf

SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5

Nginx/Proxy

/usr/local/directadmin/data/templates/nginx_ips.conf
/usr/local/directadmin/data/templates/nginx_server_secure.conf
/usr/local/directadmin/data/templates/nginx_server_secure_sub.conf
/etc/nginx/directadmin-ips.conf
/etc/nginx/nginx-vhosts.conf

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Dovecot: 2.1+

/etc/dovecot/dovecot.conf

ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Exim: 4.80+

/etc/exim.conf

openssl_options = +no_sslv2 +no_sslv3
tls_require_ciphers = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

DirectAdmin

/usr/local/directadmin/conf/directadmin.conf

Current binaries only allow TLSv1.2:

ssl_cipher=HIGH:!aNULL:!MD5

Binaries older than October 16, 2014 use this

ssl_cipher=ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-SSLv3:-EXP

Pure-FTPd

/etc/init.d/pure-ftpd
/usr/libexec/pureftpd_startscript

OPTIONS="${OPTIONS} -Y 1 -J -S:HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3"

ProFTPd

/etc/proftpd.conf

TLSProtocol TLSv1
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
Отмечено:

Добавить комментарий