Here is the SSLCipherSuite directive that I use on my servers to lock out insecure ciphers:
SSLCipherSuite AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5
Try setting your config to this value. Obviously this is different than what you are trying to accomplish, but right now the goal is to figure out whether the SSLCipherSuite directive is actually being acknowledged. When you run the openssl_check.sh script again, it should return the following results:
+ AES256-SHA at Server public key is 1024 bit
+ AES128-SHA at Server public key is 1024 bit
+ DES-CBC3-SHA at Server public key is 1024 bit
+ RC4-SHA at Server public key is 1024 bit
+ RC4-MD5 at Server public key is 1024 bit
+ RC4-MD5 at Server public key is 1024 bit
If you see anything different, then the SSLCipherSuite is not being set properly. Double check that you don't have multiple SSLCipherSuite directives set across different files. Also make sure you are not accidentally setting it within an unintentional container, such as <Directory> or <VirtualHost>. I know that on CentOS, the default config file that has the SSL directives actually contains the SSLCipherSuite directive within a <VirtualHost> container. That threw me off recently when I was trying to setup apache on a CentOS box for the first time.
|