SSLCipherSuite Settings to enable Strong Encryption

Posted on 2008-11-05
Last Modified: 2012-08-14
I am running a small ecommerce web site on a LAMP system with Apache2.2.9. I've recently had a PCI Compliance scan that found weak SSL Ciphers. I've added this to my Apache ssl.conf

SSLProtocol -all +SSLv3 +TLSv1

A subsequent PCI Scan reported weak SSL Ciphers and anonymous SSL Ciphers.

What else do I need to do to get strong encryption and disallow anonymous SSL Ciphers?

Question by:RickKnight
    LVL 43

    Accepted Solution

    You can
    openssl ciphers -v 'SSLv3:+HIGH:-MEDIUM:-LOW'
    See, there there is even NULL cipher!

    openssl ciphers -v 'HIGH:+MEDIUM:-LOW'
    shows decent ciphers only - try it.

    On the other hand You should not worry. well designed client negotiates the most stronger cipher server supports.

    Author Comment

    Thanks ravenpl, that's what I needed.

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    #SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
    Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now