Score:0

Disabling weak cypher suites in apache


I want to disable the following weak cypher suites in my apache server:

List of ciphers

This thread explains how to do it: Disable TLS cipher suites

However, my ssllabs report shows that many weak cyphers are still supported. I tried to disable them, for example using `:!weak:!medium:![weak_algo_name]`, without success.

This is my current relevant ssl.conf:

```
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder     off
```


How can I remove these cypher suites?

Edit: As Steffen Ullrich mentioned, another config file was taking precedence over the ssl.conf file. After updating that file, it worked properly.

Steffen Ullrich
The part of the configuration you show looks good, but ... Are you sure you are even testing your own server and not some reverse proxy or CDN in front of it? Did you restart the server after reconfiguration? Are there any configuration options in this or other files which might take precedence over what you've configured?
in flag
I did restart the server after making the changes with `httpd -k restart`. I successfully disabled tls1.0 and tls1.1 by editing this config file, so it hints to me that I am testing the right server. I will look for other files that might take precedence as you mentioned.
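The cause found in this thread was a second config file overriding ssl.conf. The following added example (not from the original posts) lists every active TLS directive under a config root and names those set in more than one file. The function names, the `.conf` suffix and the sample vhost file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): locate every active TLS
# directive under an Apache config root and flag ones set in several files.
# Assumes config files end in .conf and paths contain no ':' characters.

# Print "file:line:text" for each uncommented TLS directive under ROOT ($1).
find_tls_directives() {
    find "$1" -type f -name '*.conf' -exec grep -nHEi \
        '^[[:space:]]*(SSLCipherSuite|SSLProtocol|SSLHonorCipherOrder)[[:space:]]' \
        {} + 2>/dev/null | sort
}

# Print the (lower-cased) name of each directive found in more than one file.
duplicated_tls_directives() {
    find_tls_directives "$1" | awk -F: '
        {
            text = $0
            sub(/^[^:]*:[^:]*:[ \t]*/, "", text)   # strip "file:line:" prefix
            split(text, word, /[ \t]+/)
            name = tolower(word[1])
            if (!((name, $1) in seen)) { seen[name, $1] = 1; files[name]++ }
        }
        END { for (n in files) if (files[n] > 1) print n }
    ' | sort
}

# Build a constructed sample tree: a shortened ssl.conf like the question's,
# plus a hypothetical vhost file that sets a broader cipher list.
make_sample_tree() {
    dir=$(mktemp -d) && mkdir -p "$dir/conf.d" || return 1
    cat > "$dir/conf.d/ssl.conf" <<'EOF'
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
SSLHonorCipherOrder     off
EOF
    cat > "$dir/conf.d/vhost-example.conf" <<'EOF'
<VirtualHost *:443>
    # SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM:!aNULL
</VirtualHost>
EOF
    echo "$dir"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_tree) && find_tls_directives "$d" && rm -rf "$d"
fi
```

Point `find_tls_directives` at the server's real config root to see which file and line each directive comes from; any name printed by `duplicated_tls_directives` is a candidate for the kind of override described in the edit above.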