Disabling anonymous ciphers in Apache not working

security linux apache-2.2 ssl openssl

Solution 1:

openssl ciphers -v with the cipher string will show the list.

You don't disable null encryption with !eNULL. OpenSSL does not enable it even in ALL but might as well make turning it off explicit.

Check for any config files containing SSL. And confirm it is httpd listening on that port.

You can get a second opinion with a local SSL/TLS scan script. There are a couple good ones that show exactly which ciphers they use.

Strong ciphers is relative. OpenSSL 0.9.8 can't really do TLS 1.1 or 1.2 so it isn't going to provide modern security (or score well in SSLLabs).

Solution 2:

You can add the !aNULL to the cipher string list to disable the inclusion of ciphers that has anonymous algorithms during the SSL handshakes

Related

FTP rule for NACL in AWS
Is there an async FUSE filesystem for replication?
Powershell: install RDS Terminal Server Gateway SSL Certificate
Can Procmail be configured to get rid of mail after it is passed to a script?
In Ansible inventory, can I exclude children from a host group?
Best AWS option for occasional video encoding with FFMPEG? [closed]
Exchange 2019 Connection Problems with GCs
Openstack VM build fails with error
Tons of Access from Google Proxy
Delete directory regardless of 260 char limit
What is the Indentation standard for HTML (Tab / Two spaces / etc)? [closed]
Yield in a recursive function