Hello All,

I have been working on setting up an SSL reverse proxy between two Apache
instances on our web server and as a result started researching what is
the best version of SSL to use after reviewing our current website
configuration. If I understand the IBM documentation correctly, it seems
like IBM's version of Apache allows one to specify ALL for the SSL version
or a particular version . By contrast, the Linux version allows more
combinations, like a certain version and all subsequent ones, e.g., TLS
1.0 +. We are using IBM i Apache 7.1, and ALL does not seem like a good
option since it would include the potential use of SSL 2.0 which is
apparently insecure. If all this is correct, then it seems we need to
standardize on a particular SSL version. Currently we use TLS 1.0 w/SSL
3.0 compatibility. Would anyone be willing to volunteer what they see as
the best IBM i Apache SSL configuration in terms of version and cipher
suites without compromising compatibility? Ideally, we would like to use
the newest versions of TLS and cipher suites practical without eliminating
browser backwards compatibility. To some extent this is a subjective
question, but I would think that any browser limited to insecure SSL
versions and/or cipher suites should be eliminated from consideration,
especially since we accept credit card payments on our website. Any advice
would be welcome.

Thanks,
Blake

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.