2017-03-30 14:07 GMT+02:00 Abernathy, Don :
> Most common way we did this was in the Virtual host directive for the SSL
> side of the site, was to declare what is and is not allowed.
>
> Plenty of docs on this out there but here is ours:
>
>
>
This is IBM HTTP Server not Apache HTTPD!
>
>
> SSL
Most common way we did this was in the Virtual host directive for the SSL side
of the site, was to declare what is and is not allowed.
Plenty of docs on this out there but here is ours:
SSLEnable
SSLProtocolDisable SSLv2 SSLv3
SSLCipherSpec ALL NONE
SSLCipherSpec TLSv12 TLS_ECDHE_RSA_WITH_AES_12
