RickKnight
asked on
SSLCipherSuite Settings to enable Strong Encryption
I am running a small ecommerce web site on a LAMP system with Apache2.2.9. I've recently had a PCI Compliance scan that found weak SSL Ciphers. I've added this to my Apache ssl.conf
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM
A subsequent PCI Scan reported weak SSL Ciphers and anonymous SSL Ciphers.
What else do I need to do to get strong encryption and disallow anonymous SSL Ciphers?
Thanks,
Rick
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite SSLv3:+HIGH:+MEDIUM
A subsequent PCI Scan reported weak SSL Ciphers and anonymous SSL Ciphers.
What else do I need to do to get strong encryption and disallow anonymous SSL Ciphers?
Thanks,
Rick
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER