SSLCipherSuite and SSL Key Exchange

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have been using the Qualys SSL Labs SSL Server Test to test my SSL implementation. It scores an SSL server using the criteria located in the SSL Server Rating Guide. I'm trying to make the SSL as secure as possible. I have a 4096 bit certificate. My server currently gets an A+ rating because I have enabled HTTP Strict Transport Security (HSTS) with long duration. (More info on correctly configuring SSL can be found here.)


What I am trying to do is get the Key Exchange and Cipher Strength scores to be 100 percent. I already have a 100 percent grade for the Certificate and Protocol Support scores.

I have no idea how to fix the Key Exchange score, so I need help with that.

I have been trying to change the Cipher Strength score by playing with different variations of SSLCipherSuite.

This is my current setting for SSLCipherSuite:

SSLCipherSuite ECHD:!aNULL:!NULL:!eNULL:!MEDIUM:!LOW:!MD5:!RC4

It says in the Apache manual under SSLCipherSuite that MEDIUM is "all ciphers with 128 bit encryption." However, when I have set !MEDIUM (as shown above) it does not remove the 128bit ciphers as they are still listed in the test results. I have tried various settings but cannot seem to remove the 128 bit ciphers.I also tried -MEDIUM but that did not work either.

Thanks in advance for any help you can give,

Tea


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux