How to disabled SSL 3/RC4_128_SHA/RC4_128_MD5
I had done a scan on my site using SSL Checker and the following were found.
SSL 3.0 is an outdated protocol version with known vulnerabilities. How can I fix this?
The server supports some insecure SSL ciphers
I had try to disable in httpd.conf and httpd-ssl.conf by entering the following ;
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol All -SSLv2 -SSLv3
Restart service and use the SSL Checker to check but still get the same result , anybody can help
@teojerah : I always use these without any problem:
SSLProtocol ALL -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
Strange i have use your setting in all the conf files but it still does not work