This HTML5 document contains 27 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Prefix   Namespace IRI
dcterms  http://purl.org/dc/terms/
atom     http://atomowl.org/ontologies/atomrdf#
foaf     http://xmlns.com/foaf/0.1/
opl      http://www.openlinksw.com/schema/attribution#
n2       http://vos.openlinksw.com/dataspace/owiki/wiki/VOS/
dc       http://purl.org/dc/elements/1.1/
n11      http://vos.openlinksw.com/dataspace/dav#
rdfs     http://www.w3.org/2000/01/rdf-schema#
sioct    http://rdfs.org/sioc/types#
n5       http://vos.openlinksw.com/dataspace/person/dav#
n4       http://vos.openlinksw.com/dataspace/owiki/wiki/
rdf      http://www.w3.org/1999/02/22-rdf-syntax-ns#
n9       http://vos.openlinksw.com/dataspace/owiki#
n7       http://vos.openlinksw.com/dataspace/owiki/wiki/VOS/VirtTipsAndTricksManageSSLProtocols/sioc.
xsdh     http://www.w3.org/2001/XMLSchema#
n14      http://vos.openlinksw.com/dataspace/person/owiki#
sioc     http://rdfs.org/sioc/ns#
Subject Item
n5:this
foaf:made
n2:VirtTipsAndTricksManageSSLProtocols
Subject Item
n11:this
sioc:creator_of
n2:VirtTipsAndTricksManageSSLProtocols
Subject Item
n9:this
sioc:creator_of
n2:VirtTipsAndTricksManageSSLProtocols
Subject Item
n4:VOS
sioc:container_of
n2:VirtTipsAndTricksManageSSLProtocols
atom:entry
n2:VirtTipsAndTricksManageSSLProtocols
atom:contains
n2:VirtTipsAndTricksManageSSLProtocols
Subject Item
n2:VirtTipsAndTricksManageSSLProtocols
rdf:type
atom:Entry sioct:Comment
dcterms:created
2017-06-13T05:44:37.227629
dcterms:modified
2019-04-15T14:59:52.942406
rdfs:label
VirtTipsAndTricksManageSSLProtocols
foaf:maker
n14:this n5:this
dc:title
VirtTipsAndTricksManageSSLProtocols
opl:isDescribedUsing
n7:rdf
sioc:has_creator
n9:this n11:this
sioc:content
%META:TOPICPARENT{name="VirtTipsAndTricksGuide"}%
---+ Managing SSL Protocols and Ciphers used with Virtuoso

%TOC%

---++ What

As of Virtuoso 7.2, SSL protocol and cipher support is configurable for connections from all HTTP, ODBC, JDBC, ADO.NET, and OLE-DB clients.

---++ Why

Default binding to <nop>OpenSSL can expose Virtuoso instances to version- and cipher-specific SSL vulnerabilities (e.g., the recent [[http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability][Poodle exploit]]). Being able to scope Virtuoso's use of SSL to one or more specific versions gives instance administrators better protection against a moving target.

---++ How

---+++ Basic SSL Protocol Configuration

Basic configuration is through the <b><code><nowiki>SSL_Protocols</nowiki></code></b> values in the <code>[Parameters]</code> and <code>[HTTP]</code> sections of the Virtuoso INI file. These are comma+space-separated ("<code>, </code>") value lists. Including a protocol name explicitly enables it; preceding the protocol name with an exclamation point ("<code>!</code>") explicitly disables it.

---++++ Supported SSL Protocols and INI keyword values

| *SSL/TLS Version* | *Value for INI file* | *Notes* |
| SSL&nbsp;2.0 | <i>&#8212;</i> | Permanently disabled. |
| SSL&nbsp;3.0 | <code>SSLv3</code> | Disabled by default. To our knowledge, only required by IE6/Windows XP clients. |
| TLS&nbsp;1.0 | <code>TLSv1</code> | Enabled by default. |
| TLS&nbsp;1.1 | <code>TLSv1.1</code> | Enabled by default, supported if available in local <code>openssl</code> library. |
| TLS&nbsp;1.2 | <code>TLSv1.2</code> | Enabled by default, supported if available in local <code>openssl</code> library. |

---+++ Advanced SSL Cipher List Configuration

The <b><code><nowiki>SSL_Cipher_List</nowiki></code></b> values in the <code>[Parameters]</code> and <code>[HTTP]</code> stanzas of the Virtuoso INI file may also be adjusted, to disable particular ciphers when security reports describe a new attack that breaks them. These are colon-separated ("<code>:</code>") value lists. Including a protocol name or group name explicitly enables it; preceding the name with an exclamation point ("<code>!</code>") explicitly disables it.

You can review the ciphers supported by your local <code><nowiki>OpenSSL</nowiki></code> library with the command

<verbatim>
openssl ciphers -v ALL
</verbatim>

For instance, we recommend explicitly forbidding anonymous cipher suites (i.e., ones that don't use certificates, and are therefore susceptible to man-in-the-middle attacks) using <b><code>!aNULL</code></b>. We also recommend including <b><code>@STRENGTH</code></b> at the end of the list, so that <nop>OpenSSL will prioritize the enabled ciphers by key length, regardless of the list order.

---+++ Recommended Settings

The sample settings below provide a reasonable tradeoff of security versus flexibility. As shown, we have enabled SSLv3 on the HTTPS ports for IE6 users, but left this disabled on the SQL data port.

<verbatim>
[Parameters]
SSL_Protocols   = TLSv1, TLSv1.1, TLSv1.2
SSL_Cipher_List = HIGH:!aNULL:!eNULL:!RC4:!DES:!MD5:!PSK:!SRP:!KRB5:!SSLv2:!EXP:!MEDIUM:!LOW:!DES-CBC-SHA:@STRENGTH

[HTTP]
SSL_Protocols   = SSLv3, TLSv1, TLSv1.1, TLSv1.2
SSL_Cipher_List = HIGH:!aNULL:!eNULL:!RC4:!DES:!MD5:!PSK:!SRP:!KRB5:!SSLv2:!EXP:!MEDIUM:!LOW:!DES-CBC-SHA:@STRENGTH
</verbatim>

---++ Related

   * [[http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability][SSL 3.0 and Poodle Vulnerability]]
   * [[VirtTipsAndTricksGuide][Virtuoso Tips and Tricks Collection]]
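An added example (not part of the original page and not Virtuoso code): a Python check that reads the [Parameters] and [HTTP] sections described above and reports an enabled SSLv3, a cipher list without !aNULL, and a cipher list that does not end in @STRENGTH. The sample INI text is constructed, and the function names audit and audit_section are hypothetical.

```python
import configparser

# Constructed sample, modelled on the page's recommended settings; the [HTTP]
# cipher list is deliberately altered (no !aNULL, @STRENGTH not last).
SAMPLE_INI = """\
[Parameters]
SSL_Protocols   = TLSv1, TLSv1.1, TLSv1.2
SSL_Cipher_List = HIGH:!aNULL:!eNULL:!RC4:!DES:!MD5:@STRENGTH

[HTTP]
SSL_Protocols   = SSLv3, TLSv1, TLSv1.1, TLSv1.2
SSL_Cipher_List = HIGH:!eNULL:!RC4:@STRENGTH:!MD5
"""

KNOWN_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # keywords from the page's table

def audit_section(name, protocols, ciphers):
    """Return findings for one INI section; None means the key is absent."""
    findings = []
    if protocols is not None:
        # Comma-separated list; a leading "!" disables the protocol.
        tokens = [t.strip() for t in protocols.split(",") if t.strip()]
        enabled = {t for t in tokens if not t.startswith("!")}
        for t in sorted({t.lstrip("!") for t in tokens} - KNOWN_PROTOCOLS):
            findings.append((name, f"unknown protocol keyword {t!r}"))
        if "SSLv3" in enabled:
            findings.append((name, "SSLv3 enabled (POODLE-exposed)"))
    if ciphers is None:
        findings.append((name, "SSL_Cipher_List not set"))
    else:
        # Colon-separated list; the page recommends !aNULL and a trailing @STRENGTH.
        parts = [p.strip() for p in ciphers.split(":") if p.strip()]
        if "!aNULL" not in parts:
            findings.append((name, "anonymous suites not excluded (!aNULL missing)"))
        if not parts or parts[-1] != "@STRENGTH":
            findings.append((name, "@STRENGTH is not the last entry"))
    return findings

def audit(ini_text):
    """Audit the [Parameters] and [HTTP] sections of a Virtuoso INI text."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(ini_text)
    findings = []
    for section in ("Parameters", "HTTP"):
        if cfg.has_section(section):
            protocols = cfg.get(section, "SSL_Protocols", fallback=None)
            ciphers = cfg.get(section, "SSL_Cipher_List", fallback=None)
            findings += audit_section(section, protocols, ciphers)
    return findings
```

Calling audit(SAMPLE_INI) returns a list of (section, message) pairs; the SSLv3 finding also fires on the page's own [HTTP] recommendation, which accepts that exposure for IE6 clients.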
sioc:id
eef7140502e0f7ea6c31c03f76a71973
sioc:link
n2:VirtTipsAndTricksManageSSLProtocols
sioc:has_container
n4:VOS
atom:title
VirtTipsAndTricksManageSSLProtocols
atom:source
n4:VOS
atom:author
n5:this
atom:published
2017-06-13T05:44:37Z
atom:updated
2019-04-15T14:59:52Z
Subject Item
n2:VOSIndex
sioc:links_to
n2:VirtTipsAndTricksManageSSLProtocols