SSLCipherSuite Settings to enable Strong Encryption

I am running a small ecommerce web site on a LAMP system with Apache 2.2.9. I've recently had a PCI Compliance scan that found weak SSL Ciphers. I've added this to my Apache ssl.conf:

SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM

A subsequent PCI Scan reported weak SSL Ciphers and anonymous SSL Ciphers.

What else do I need to do to get strong encryption and disallow anonymous SSL Ciphers?

Thanks,
Rick
Asked by: RickKnight
 
ravenpl Commented:
You can run
openssl ciphers -v 'SSLv3:+HIGH:-MEDIUM:-LOW'
See, there is even a NULL cipher!

openssl ciphers -v 'HIGH:+MEDIUM:-LOW'
shows decent ciphers only - try it.

On the other hand, you should not worry. A well-designed client negotiates the strongest cipher the server supports.
 
RickKnight (Author) Commented:
Thanks ravenpl, that's what I needed.
Question has a verified solution.
