The PingFederate server provides best-in-class Identity Management and SSO. However, due to US laws governing export of cryptography, the default SSL protocols and cipher suites need to be configured to harden the solution.
Below are the steps involved with making these post-installation changes.
While enabling HTTPS is an important step in securing your web application, it is critical that you also disable legacy protocols and low-strength ciphers, which can circumvent the very security you are attempting to implement.
As long as you have the latest version of OpenSSL, you should be able to use a bash script like the one below (credit for this script goes here) to enumerate every matching protocol and cipher that a server is exposing: