Fli
09-17-2015, 11:23 AM
I scanned my domain SSL here https://www.ssllabs.com/ssltest/
and I got this warning:
"This server supports anonymous (insecure) suites (see below for details). Grade set to F. "
The details:
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017) INSECURE 112
TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016) INSECURE 128
TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018) INSECURE 128
TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019) INSECURE 256
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) WEAK 128
It was fixed by editing Apache configuration. In my case I have WHM/cPanel:
"WHM Home » Service Configuration » Apache Configuration » Global Configuration"
In "SSL Cipher Suite", disable anonymous ciphers by adding:
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL
I had this one there:
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH (PCI recommended)
----
To increase grade from A- to A+ (remove warning: The server does not support Forward Secrecy with the reference browsers.), you may try:
"WHM Home » Service Configuration » Apache Configuration » Include Editor"
Edit the Pre Main configuration include file, select All Versions
Add:
Header add Strict-Transport-Security "max-age=31536000"
SSLHonorCipherOrder On
SSLCompression off
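
Why the old string let the ECDH_anon suites through, as an added example that is not part of the original post: a simplified Python model of how OpenSSL evaluates a cipher string, showing that `!ADH` removes only anonymous finite-field DH while `!aNULL` removes every unauthenticated suite. The suite table, its tags and the function names are constructed for illustration and cover only the operators used in the two strings above.

```python
# Simplified model of OpenSSL cipher-string evaluation (added example, not OpenSSL's code).
# Constructed suite table: OpenSSL suite name -> tags. "RSA" marks RSA key exchange or auth.
SUITES = {
    "ECDHE-RSA-AES256-SHA": {"kEECDH", "aRSA", "RSA", "HIGH"},
    "DHE-RSA-AES256-SHA":   {"kEDH", "aRSA", "RSA", "HIGH"},
    "AES256-SHA":           {"kRSA", "aRSA", "RSA", "HIGH"},
    "RC4-SHA":              {"kRSA", "aRSA", "RSA", "RC4", "MEDIUM"},
    "ECDHE-RSA-RC4-SHA":    {"kEECDH", "aRSA", "RSA", "RC4", "MEDIUM"},
    "ADH-AES256-SHA":       {"kEDH", "aNULL", "HIGH"},
    "AECDH-AES256-SHA":     {"kEECDH", "aNULL", "HIGH"},
    "AECDH-RC4-SHA":        {"kEECDH", "aNULL", "RC4", "MEDIUM"},
}
# ADH means anonymous finite-field DH only, so it is modelled as kEDH AND aNULL.
ALIASES = {"ADH": {"kEDH", "aNULL"}}

def matches(token, tags):
    """True when a suite's tags satisfy every '+'-joined part of the token."""
    need = set()
    for part in token.split("+"):
        if part != "ALL":
            need |= ALIASES.get(part, {part})
    return need <= tags

def expand(cipher_string):
    """Return the ordered list of suites a cipher string selects."""
    active, killed = [], set()
    for item in cipher_string.split(":"):
        op, token = (item[0], item[1:]) if item[0] in "!-+" else ("", item)
        hit = [name for name, tags in SUITES.items() if matches(token, tags)]
        if op == "!":      # permanent removal, later items cannot re-add
            killed |= set(hit)
            active = [n for n in active if n not in hit]
        elif op == "-":    # removal that a later item may undo
            active = [n for n in active if n not in hit]
        elif op == "+":    # move already-selected suites to the end
            moved = [n for n in active if n in hit]
            active = [n for n in active if n not in hit] + moved
        else:              # add suites that are not selected yet
            active += [n for n in hit if n not in killed and n not in active]
    return active

def anonymous(cipher_string):
    """Selected suites that have no server authentication."""
    return [n for n in expand(cipher_string) if "aNULL" in SUITES[n]]

OLD = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"
NEW = OLD + ":!aNULL"
print("old string, anonymous suites left:", anonymous(OLD))
print("new string, anonymous suites left:", anonymous(NEW))
```

In this model the RC4 suites that the scan marked WEAK are still selected by the new string, because nothing in it removes them.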