To reduce the risk of HTTPS ciphers being cracked, allow only the strongest
ciphers available.
Deploying an Apache SSL certificate and forcing HTTPS ensures that all
data is encrypted. It does not, however, ensure that the encryption methods
(also known as ciphers) that are used are strong. With the ever-increasing power
of computers, many older or weaker ciphers can be cracked in a matter of
days or even hours by a determined person with malicious intentions.
- In the /etc/httpd/conf.d/ssl.conf file, find the SSLProtocol and
  SSLCipherSuite directives.
  Note: If they do not exist, add them below the SSLEngine line.
- In each section, add the following two lines:
  SSLProtocol all -SSLv2
  SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
- Save the file and restart Apache.
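As an added example that is not part of the original how-to, the shell function below audits an ssl.conf for the two directives the steps above prescribe, so the change can be verified before Apache is restarted. The sample conf files, the temp directory and the function names are constructed here so the check runs offline.

```shell
# Added example: audit an Apache ssl.conf for the SSLProtocol and
# SSLCipherSuite settings described above. Sample files are constructed.

# Print the value of an Apache directive (first active occurrence),
# skipping commented-out lines.  $1 = directive name, $2 = conf file
directive_value() {
    grep -E "^[[:space:]]*$1[[:space:]]+" "$2" | head -n 1 \
        | sed -E "s/^[[:space:]]*$1[[:space:]]+//"
}

# Exit 0 only if SSLv2 is disabled and NULL/export ciphers are excluded,
# i.e. the file matches the two lines the how-to tells you to add.
check_ssl_conf() {
    proto=$(directive_value SSLProtocol "$1")
    suite=$(directive_value SSLCipherSuite "$1")
    [ -n "$proto" ] || { echo "FAIL $1: SSLProtocol missing"; return 1; }
    [ -n "$suite" ] || { echo "FAIL $1: SSLCipherSuite missing"; return 1; }
    case " $proto " in
        *" -SSLv2 "*) ;;
        *) echo "FAIL $1: SSLProtocol does not disable SSLv2 ($proto)"; return 1 ;;
    esac
    case "$suite" in
        *'!EXP'*) ;;
        *) echo "FAIL $1: export ciphers not excluded ($suite)"; return 1 ;;
    esac
    case "$suite" in
        *'!NULL'*) ;;
        *) echo "FAIL $1: NULL ciphers not excluded ($suite)"; return 1 ;;
    esac
    echo "OK   $1: $proto / $suite"
}

# Constructed sample files: one hardened as described, one left weak.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
EOF
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
SSLEngine on
#SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
EOF

check_ssl_conf "$SAMPLE_DIR/hardened.conf"
check_ssl_conf "$SAMPLE_DIR/weak.conf" || true   # expected to report FAIL
```

Run it against the real /etc/httpd/conf.d/ssl.conf with `check_ssl_conf /etc/httpd/conf.d/ssl.conf` after editing the file.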