Prevent HTTPS cracking

To reduce the risk of HTTPS ciphers being cracked, allow only the strongest ciphers available.

Deploying an Apache SSL certificate and forcing HTTPS ensures that all data is encrypted. It does not, however, ensure that the encryption methods (also known as ciphers) in use are strong. With the ever-increasing power of computers, many older or weaker ciphers can be cracked in a matter of days or even hours by a determined person with malicious intentions.
  1. In the /etc/httpd/conf.d/ssl.conf file, find the headings SSLProtocol and SSLCipherSuite.
    Note: If they do not exist, add them below the SSLEngine line.
  2. In each section, add the following two lines:
    SSLProtocol all -SSLv2
    SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
  3. Save the file and restart Apache.
    • apachectl restart
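
A check for step 2, as an added example that is not part of the original page: the hypothetical helper audit_ssl_conf reads a config file and reports when SSLProtocol or SSLCipherSuite is missing, when SSLv2 is still enabled, or when the cipher string lacks the !EXP, !NULL and -LOW entries. It assumes the file is a single scope (no per-VirtualHost overrides), and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. audit_ssl_conf is a hypothetical helper.
# Usage: audit_ssl_conf FILE   (FILE may be - for stdin)
# Prints one finding per line; returns 0 if the file matches step 2, else 1.
# Assumption: the file is one scope; a later directive replaces an earlier one.
audit_ssl_conf() {
    awk '
    /^[ \t]*#/ { next }                       # commented-out directives do not count
    {
        d = tolower($1)                       # directive names are case-insensitive
        if (d == "sslprotocol") {
            proto = 1; v2 = 0
            for (i = 2; i <= NF; i++) {       # apply +/- tokens left to right
                t = tolower($i)
                if (t == "all" || t == "+all" || t == "sslv2" || t == "+sslv2") v2 = 1
                if (t == "-all" || t == "-sslv2") v2 = 0
            }
        } else if (d == "sslciphersuite") {
            suite = 1; no_exp = 0; no_null = 0; no_low = 0
            spec = $NF; gsub(/"/, "", spec)   # cipher string is the last field
            n = split(spec, part, ":")
            for (i = 1; i <= n; i++) {
                if (part[i] == "!EXP")  no_exp = 1
                if (part[i] == "!NULL") no_null = 1
                if (part[i] == "-LOW" || part[i] == "!LOW") no_low = 1
            }
        }
    }
    END {
        if (!proto)   { print "SSLProtocol: directive missing"; bad = 1 }
        else if (v2)  { print "SSLProtocol: SSLv2 is still enabled"; bad = 1 }
        if (!suite)   { print "SSLCipherSuite: directive missing"; bad = 1 }
        else {
            if (!no_exp)  { print "SSLCipherSuite: export ciphers not excluded (!EXP)"; bad = 1 }
            if (!no_null) { print "SSLCipherSuite: NULL ciphers not excluded (!NULL)"; bad = 1 }
            if (!no_low)  { print "SSLCipherSuite: LOW ciphers not removed (-LOW)"; bad = 1 }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: SSLProtocol lacks -SSLv2, so one finding is printed.
printf '%s\n' 'SSLEngine on' 'SSLProtocol all' \
    'SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW' | audit_ssl_conf - || true
```

Run it against /etc/httpd/conf.d/ssl.conf before restarting Apache; no output and exit status 0 mean both directives from step 2 are active.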