February 2020
Intermediate to advanced
666 pages
15h 45m
English
Content preview from Mastering Linux Security and Hardening - Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Hardening Apache SSL/TLS on RHEL 7/CentOS 7
Okay, I did say that we'd look at doing this on a CentOS 7 machine. But I'll make it brief.
You'll install Apache and mod_ssl on CentOS 7 the same way that you did on CentOS 8, except that you'll use the yum command instead of the dnf command. As with CentOS 8, you'll need to enable and start Apache with systemctl, but you won't need to enable the ssl site or the ssl module. And, of course, make sure that port 443 is open on the firewall.
When you do an sslscan of a CentOS 7 machine, you'll see a very long list of supported algorithms, from TLSv1 through TLSv1.2. Even with TLSv1.2, you'll see a few really bad things, like this:
Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256 ...