Disable RC4 cipher for Apache 2.2

Solution 1:

You should follow a better approach when configuring TLS.

Follow the Recommended configurations from Mozilla, a secure TLS configuration is more than disable RC4.

https://wiki.mozilla.org/Security/Server_Side_TLS

But since you are asking for disable RC4 based on your config here is:

SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:+HIGH:+MEDIUM:+LOW

Solution 2:

Individual ciphers can be disabled via SSLCipherSuite configuration option by adding an exclamation mark (!) in front of them.

So SSLCipherSuite ALL:!RC4 will enable every openssl cipher except for RC4. In production, you should use something more robust, for example:

SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA256:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EDH+aRSA+AESGCM:EDH+aRSA+SHA256:EDH+aRSA:EECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!DHE-RSA-AES256-SHA:!ECDHE-RSA-AES256-SHA:!DHE-RSA-AES256-SHA:!DHE-RSA-CAMELLIA256-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-SEED-SHA:!DHE-RSA-CAMELLIA128-SHA:!ECDHE-RSA-AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH

This will disable SSLv3,TLSv1.0,TLSv1.1 so your server will only be accessible via TLSv1.2.

Disable RC4 cipher for Apache 2.2

Solution 1:

Solution 2:

Related

Recent Posts