This server supports anonymous (insecure) suites (see below for details). Grade .. F

Fli
09-17-2015, 11:23 AM
I scanned my domain SSL here https://www.ssllabs.com/ssltest/

and I got this warning:

"This server supports anonymous (insecure) suites (see below for details). Grade set to F. "

The details:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) INSECURE 112
TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016) INSECURE 128
TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018) INSECURE 128
TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019) INSECURE 256
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK 128

It was fixed by editing the Apache configuration. In my case I have WHM/cPanel:

"WHM Home » Service Configuration » Apache Configuration » Global Configuration"

In "SSL Cipher Suite", disable anonymous ciphers by adding:

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL

I had this one there:

ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH (PCI recommended)

----
To increase the grade from A- to A+ (and remove the warning "The server does not support Forward Secrecy with the reference browsers."), you may try:

"WHM Home » Service Configuration » Apache Configuration » Include Editor"

Edit the Pre Main configuration include file, select All Versions, and add:

Header add Strict-Transport-Security "max-age=31536000"
SSLHonorCipherOrder On
SSLCompression off
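As an added illustration (this is not code from Fli's post or from SSL Labs), the following Python script classifies cipher suites by name the way the report details above do: it splits each IANA suite name into key exchange, authentication, cipher and MAC, marks anonymous key exchange (`_anon_`) as INSECURE, RC4, 3DES and MD5 as WEAK, and records whether the key exchange is ephemeral (ECDHE/DHE), which is what the "Forward Secrecy" warning is about. The sample report is constructed from the seven lines quoted in the post plus two extra suites I added as assumed examples of what a fixed server would offer; the "any anonymous suite caps the grade at F" rule is taken from the warning quoted in the post.

```python
"""Classify TLS cipher suites by name, the way the SSL Labs details above do.

Added example, not code from the original post. It parses IANA suite names
into key exchange / authentication / cipher / MAC and flags the problems the
report calls out: anonymous key exchange (INSECURE), RC4, 3DES and MD5
(WEAK), and whether a suite provides forward secrecy.
"""
import re

# Constructed sample: the seven lines quoted from the SSL Labs report in the
# post, plus two suites (assumed, not from the post) that a fixed server would
# typically offer instead. Format: NAME (hexid) [INSECURE|WEAK] bits
SAMPLE_REPORT = """\
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) INSECURE 112
TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016) INSECURE 128
TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018) INSECURE 128
TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019) INSECURE 256
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
"""

LINE_RE = re.compile(
    r"^(?P<name>TLS_\S+)\s+\((?P<hexid>0x[0-9a-fA-F]+)\)\s+"
    r"(?:(?P<scanner>INSECURE|WEAK)\s+)?(?P<bits>\d+)\s*$"
)


def parse_suite(name):
    """Split e.g. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA into its components."""
    kx_auth, _, rest = name[len("TLS_"):].partition("_WITH_")
    cipher, _, mac = rest.rpartition("_")          # "AES_128_CBC", "SHA"
    parts = kx_auth.split("_")
    if len(parts) == 1:                             # plain "RSA": RSA key
        kx = auth = parts[0]                        # transport does both jobs
    else:
        kx, auth = parts[0], parts[1]               # e.g. "ECDH", "anon"
    return {"kx": kx, "auth": auth, "cipher": cipher, "mac": mac}


def classify(name):
    """Return (verdict, reasons, forward_secrecy) for one suite name."""
    s = parse_suite(name)
    reasons = []
    if s["auth"] == "anon":
        reasons.append("anonymous key exchange: the server is never authenticated")
    if s["cipher"].startswith("RC4"):
        reasons.append("RC4 keystream biases")
    if s["cipher"].startswith("3DES"):
        reasons.append("3DES: 64-bit blocks, 112-bit effective strength")
    if s["mac"] == "MD5":
        reasons.append("MD5-based MAC")
    if s["auth"] == "anon":
        verdict = "INSECURE"
    elif reasons:
        verdict = "WEAK"
    else:
        verdict = "OK"
    # Only ephemeral (EC)DH key exchange gives forward secrecy.
    forward_secrecy = s["kx"] in ("ECDHE", "DHE")
    return verdict, reasons, forward_secrecy


def audit_report(text):
    """Parse report lines and classify each suite; returns a list of dicts."""
    results = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                # skip blank/unknown lines
        verdict, reasons, fs = classify(m["name"])
        results.append({
            "name": m["name"],
            "hexid": m["hexid"],
            "scanner_verdict": m["scanner"] or "OK",
            "verdict": verdict,
            "reasons": reasons,
            "forward_secrecy": fs,
        })
    return results


def summarize(results):
    """Aggregate the audit: counts, FS availability and the grade cap."""
    verdicts = [r["verdict"] for r in results]
    return {
        "insecure": verdicts.count("INSECURE"),
        "weak": verdicts.count("WEAK"),
        # FS only counts if a non-weak ephemeral suite is on offer.
        "forward_secrecy_available": any(
            r["forward_secrecy"] and r["verdict"] == "OK" for r in results),
        # Per the warning quoted in the post, any anonymous suite sets grade F.
        "capped_grade": "F" if "INSECURE" in verdicts else None,
    }


if __name__ == "__main__":
    audit = audit_report(SAMPLE_REPORT)
    for r in audit:
        fs = "FS" if r["forward_secrecy"] else "no-FS"
        print(f'{r["name"]:40} {r["verdict"]:8} {fs:6} {"; ".join(r["reasons"])}')
    print(summarize(audit))
```

This checks the scanner's output, not the server. To check the Apache cipher string itself before reloading, run `openssl ciphers -v` with the new string as its argument and confirm that no listed suite shows `Au=None` (anonymous) and that the list still contains ECDHE or DHE suites, otherwise the forward-secrecy warning will remain.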