How to disable SSLv2 and Weak Ciphers in Apache and IIS
Mon, 2011.05.30 - 10:43 — müzso
My preferred Apache directives are:
P.S.: the default Apache2 () SSL configuration in Debian Squeeze results in the exact same allowed cipher set:
I guess it relies on some defaults in mod_ssl which might differ in older Apache versions. So no problem if you're a bit overcautious and disable weak ciphers explicitly. 
SSLProtocol ALL -SSLv2
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!NULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUMP.S.: the default Apache2 () SSL configuration in Debian Squeeze results in the exact same allowed cipher set:
SSLCipherSuite HIGH:MEDIUM:!ADH
All of my own contents here (if not noted otherwise) are licensed under the
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Comments
TLSv1 might not cut it either ...