| View previous topic :: View next topic |
| Author |
Message |
bryantpcsolutions
-
Joined: 20 Apr 2016
Posts: 1
|
 Posted: Wed Apr 20, 2016 10:50 pm Post subject: Cipher Suites |
 |
|
In doing a network scan I can not figure out how to disable the "Weak Ciphers" in the config file. This is what is says (I have actually removed most but scans still say it's there:
ciphers>RC4-SHA:HIGH:MEDIUM:LOW:DEFAULT:-EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL</ciphers>
Any ideas? |
|
| Back to top |
  |
 |
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Sun Apr 24, 2016 8:24 pm Post subject: Re: Cipher Suites |
|
|
| bryantpcsolutions wrote: | In doing a network scan I can not figure out how to disable the "Weak Ciphers" in the config file. This is what is says (I have actually removed most but scans still say it's there:
ciphers>RC4-SHA:HIGH:MEDIUM:LOW:DEFAULT:-EXP:!SSLv2:!ADH:!aNULL:!eNULL:!NULL</ciphers>
Any ideas? |
On pre-2.11 versions of Abyss Web Server, RC4 cipher was active. On these versions, you should change the ciphers suite to the following line:
EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4
This parameter is available in the section described in http://www.aprelium.com/data/doc/2/abyssws-win-doc-html/hosts-configuration.html#HOSTS-GENERAL-ADVANCED-SECURELAYER
This should remove RC4 from the list of negotiated ciphers.
We suggest using Qualys SSL labs' test available in https://www.ssllabs.com/ssltest/ to validate your HTTPS site and test it against vulnerabilities and certificate issues.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
|
@abyssws