Reputation: 21
How to disable cipher CBC on apache 2.4 on centos 7
Halo all,
I would like to disable cipher CBC on apache2.4 because when I did penetration test my SSL configure with kali linux (using ./testssl -U mydomain.com), I got some notification like this picture below. pentest my ssl configure with testssl
I wish there is someone can help me to disable cipher CBC.
here my configure in /etc/httpd/conf.d/ssl.conf
SSLProtocol -All +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH
Upvotes: 2
Views: 3882
Answers (2)
Reputation: 1
I think he means
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DES
the last word should be 'DES' not 'DSS'
Upvotes: 0
Reputation: 3174
According to the Apache user mailing list, this would give you an A+ on SSL Labs, thus reaching your goal :
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Upvotes: 0
Related Questions
- How can I disable Cipher Suites for Apache2
- Disabling TLS 1.0 & 1.1 in Apache 2.4.37 not working
- How can I disable TLS_RSA_WITH_AES_128_CBC_SHA without disabling others as well?
- Disabling TLS 1.0 in Apache 2.4
- How to Disable HTTP compression or SSL Compression on Apache 2.4.2
- How to enable TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher with Apache 2.4 and mod_ssl
- Enable SSLv2 in Apache
- SSL doesn't work after update httpd in centos
- How to disable SSL - RC4 Ciphers on Windows Server running Apache 2.4
- Apache won't turn off SSLv2 and SSLv3