Disable all but RC4 in Apache
Posted by Daniel on Server Fault
        Published on 2012-09-20T21:17:27Z
Our PCI compliance vendor requires that we disable all but RC4 encryption on our web server. Currently our Apache config file looks like this:
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH:!AES256-SHA:!ECDHE-RSA-AES256-SHA384:!AES128-SHA:!DES-CBC:!aNull:!eNull:!LOW:!SSLv2
However, https://www.ssllabs.com reports the following ciphers are allowed:
- TLS_RSA_WITH_RC4_128_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
How can I configure Apache to only allow RC4?
© Server Fault or respective owner
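Why the scan still lists DHE and 3DES suites, as an added example that is not part of the original post: a simplified Python model of OpenSSL cipher-string evaluation, run over a constructed suite table. The names `SUITES`, `select` and `expand` are hypothetical, the tags assume 2012-era OpenSSL (where 3DES was still classed as HIGH), and only plain and `!` tokens are modelled.

```python
# Simplified model of OpenSSL cipher-string evaluation (added example).
# Only plain tokens and "!" tokens are modelled; "+", "-" and "@" are not.

# Constructed table: OpenSSL name -> (IANA name, tags). Tags are an assumption
# that follows 2012-era OpenSSL, where 3DES was still classed as HIGH.
SUITES = {
    "RC4-SHA": ("TLS_RSA_WITH_RC4_128_SHA", {"MEDIUM", "RC4"}),
    "AES256-SHA": ("TLS_RSA_WITH_AES_256_CBC_SHA", {"HIGH"}),
    "AES128-SHA": ("TLS_RSA_WITH_AES_128_CBC_SHA", {"HIGH"}),
    "DHE-RSA-AES256-SHA": ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", {"HIGH"}),
    "DHE-RSA-AES128-SHA": ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", {"HIGH"}),
    "EDH-RSA-DES-CBC3-SHA": ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", {"HIGH"}),
    "DES-CBC3-SHA": ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", {"HIGH"}),
    "ADH-AES256-SHA": ("TLS_DH_anon_WITH_AES_256_CBC_SHA", {"HIGH", "ADH"}),
    "DES-CBC-SHA": ("TLS_RSA_WITH_DES_CBC_SHA", {"LOW"}),
}

# The SSLCipherSuite value from the question.
QUESTION = ("RC4-SHA:HIGH:!ADH:!AES256-SHA:!ECDHE-RSA-AES256-SHA384:"
            "!AES128-SHA:!DES-CBC:!aNull:!eNull:!LOW:!SSLv2")


def select(token):
    """Suites a token selects: an exact suite name or a tag (case-sensitive)."""
    return [n for n, (_, tags) in SUITES.items() if token == n or token in tags]


def expand(cipher_string):
    """Return {IANA name: token that enabled it} for the suites left enabled."""
    enabled, killed = {}, set()
    for token in cipher_string.split(":"):
        if token.startswith("!"):
            # "!" removes the selected suites for good; later tokens cannot re-add.
            for name in select(token[1:]):
                killed.add(name)
                enabled.pop(name, None)
        else:
            for name in select(token):
                if name not in killed:
                    enabled.setdefault(name, token)
    return {SUITES[n][0]: tok for n, tok in enabled.items()}


if __name__ == "__main__":
    for iana, token in expand(QUESTION).items():
        print(f"{iana:38} enabled by {token}")
```

In this model every suite other than RC4 is enabled by the `HIGH` token, and `!AES256-SHA` and `!AES128-SHA` remove only the RSA key-exchange suites of those exact names, not their DHE counterparts. On the server itself, `openssl ciphers -v '<cipher string>'` prints the expansion the installed OpenSSL build actually uses.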