How to disabled SSL 3/RC4_128_SHA/RC4_128_MD5

  • | 994 points

    I had done a scan on my site using SSL Checker and the following were found.

    SSL 3.0 is an outdated protocol version with known vulnerabilities. How can I fix this?

    The server supports some insecure SSL ciphers
    TLS_RSA_WITH_RC4_128_SHA [insecure]
    TLS_RSA_WITH_RC4_128_MD5 [insecure]

    I had try to disable in httpd.conf and httpd-ssl.conf by entering the following ;
    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLSessionCache "shmcb:C:/laragon/bin/apache/apache-2.4.16/logs/ssl_scache(512000)"
    SSLCompression off
    SSLSessionTickets Off
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On

    Restart service and use the SSL Checker to check but still get the same result , anybody can help

    Many thanks

  • administrators
    | 131393 points

    @teojerah : I always use these without any problem:

    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder On

  • | 994 points

    Strange i have use your setting in all the conf files but it still does not work :(

Log in to reply

Looks like your connection to Laragon was lost, please wait while we try to reconnect.