How to disable SSL 3/RC4_128_SHA/RC4_128_MD5


  • | 610 points

    I did a scan on my site using SSL Checker and the following were found.

    SSL 3.0 is an outdated protocol version with known vulnerabilities. How can I fix this?

    The server supports some insecure SSL ciphers
    TLS_RSA_WITH_RC4_128_SHA [insecure]
    TLS_RSA_WITH_RC4_128_MD5 [insecure]

    I tried to disable them in httpd.conf and httpd-ssl.conf by entering the following:
    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLSessionCache "shmcb:C:/laragon/bin/apache/apache-2.4.16/logs/ssl_scache(512000)"
    SSLCompression off
    SSLSessionTickets Off
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    </IfModule>

    I restarted the service and used the SSL Checker to check again, but I still get the same result. Can anybody help?

    Many thanks


  • administrators
    | 52764 points

    @teojerah : I always use these without any problem:

    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    
    

  • | 610 points

    Strange, I have used your settings in all the conf files but it still does not work :(
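
When a global SSLProtocol or SSLCipherSuite change seems to have no effect, it helps to list every occurrence of those directives in the files Apache loads, because a value set inside a <VirtualHost> block overrides the server-level one. The script below is an added example, not code from this thread or from Laragon: it audits config text for any scope that still enables SSLv3 or names RC4. The sample config is constructed, the expansion of "all" is an assumption about the build, and the RC4 check is a textual heuristic only.

```python
import re

# Constructed sample (not from the thread): a global block like the one posted
# above plus a hypothetical <VirtualHost> that sets its own, weaker values.
SAMPLE_CONF = """\
<IfModule ssl_module>
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
</IfModule>
<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:RC4+RSA
</VirtualHost>
"""

ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}  # assumed expansion of "all"
LINE = re.compile(r"^\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", re.I)

def enabled_protocols(value):
    """Apply SSLProtocol tokens left to right: bare resets, + adds, - removes."""
    on = set()
    for tok in value.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name == "all" else {name}
        on = on - group if sign == "-" else on | group if sign == "+" else set(group)
    return on

def names_rc4(value):
    """Textual heuristic: some cipher token asks for RC4 without '!' or '-'."""
    tokens = [t for t in re.split(r"[:,\s]+", value.lower()) if t]
    return any("rc4" in t and t[0] not in "!-" for t in tokens)

def audit(conf_text):
    """Return (line_no, scope, directive, problem) for each weak setting."""
    findings, scope = [], "global"
    for no, line in enumerate(conf_text.splitlines(), 1):
        s = line.strip()
        if s.lower().startswith("<virtualhost"):
            scope = s.strip("<>")
        elif s.lower().startswith("</virtualhost"):
            scope = "global"
        m = LINE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "sslprotocol" and "sslv3" in enabled_protocols(value):
            findings.append((no, scope, "SSLProtocol", "SSLv3 enabled"))
        if name == "sslciphersuite" and names_rc4(value):
            findings.append((no, scope, "SSLCipherSuite", "RC4 named"))
    return findings
```

Run `audit()` over the text of each config file the server includes. For the exact list of suites a cipher string expands to, `openssl ciphers -v '<string>'` is authoritative.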

