Tag: disable

  • Disable SSLv3 support for Apache

    If you haven’t disabled SSLv3 support in Apache yet, do so now! You can disable SSLv3 in your Apache configuration (httpd.conf) by adding -SSLv3 to the SSLProtocol directive:

    SSLHonorCipherOrder on
    SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    

    As always, make sure to restart Apache afterwards. Note that depending on your setup you might need to set the list of supported protocols for each vhost entry separately.

    Test your configuration

    Check that your site’s security status conforms to best practice using the Qualys SSL Labs SSL Analyzer, which covers:

    1. certificates
    2. protocol support
    3. key exchange
    4. cipher strength

    This tool will check various parameters and provide you with an overall rating.

    [Image: Qualys SSL Lab Test Results]
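Because a vhost can carry its own SSLProtocol line, it helps to check every occurrence before restarting. The following is an added example, not part of the original post: a small Python audit that evaluates each SSLProtocol directive left to right and reports whether SSLv3 is still enabled. The sample configuration and host names are constructed, and it assumes `all` expands to SSLv3 plus TLSv1 through TLSv1.2 (OpenSSL 1.0.1 or later, not built with no-ssl3).

```python
import re

# Assumption: on builds that still ship SSLv3, "all" is shorthand for these.
ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

def effective_protocols(args):
    """Apply SSLProtocol tokens left to right: +X adds, -X removes, bare X replaces."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()          # protocol names are case-insensitive
        group = ALL if name == "all" else {name}
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

def audit(conf_text):
    """Return (context, line_no, directive, sslv3_enabled) for each SSLProtocol line."""
    findings, context = [], "server config"
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        proto = re.match(r"SSLProtocol\s+(.+)", line, re.I)
        if vhost:
            context = "vhost " + vhost.group(1).strip()
        elif re.match(r"</VirtualHost>", line, re.I):
            context = "server config"
        elif proto:
            findings.append((context, no, line,
                             "sslv3" in effective_protocols(proto.group(1))))
    return findings

# Constructed sample: the global line is hardened, one vhost overrides it.
SAMPLE = """\
SSLProtocol -ALL -SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2
<VirtualHost *:443>
    ServerName shop.example.com
    SSLEngine on
    SSLProtocol all -SSLv2
</VirtualHost>
"""

if __name__ == "__main__":
    for ctx, no, line, on in audit(SAMPLE):
        print(f"{'FAIL' if on else 'ok  '} line {no} ({ctx}): {line}")
```

This is a static check of the configuration text only; the SSL Labs scan above remains the test of what the running server actually negotiates.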