httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Copeland <>
Subject Re: [users@httpd] SSLCipherSuite and SSL Key Exchange
Date Wed, 07 Dec 2016 11:56:22 GMT
Try the configuration tool at .


On 07/12/16 06:19 AM, Tea Wrex wrote:
> I have been using the Qualys SSL Labs SSL Server Test
> <> to test my SSL
> implementation. It scores an SSL server using the criteria located in
> the SSL Server Rating Guide
> <>. I'm trying
> to make the SSL as secure as possible. I have a 4096 bit certificate.
> My server currently gets an A+ rating because I have enabled HTTP
> Strict Transport Security (HSTS) with long duration. (More info on
> correctly configuring SSL can be found here
> <>.)
> What I am trying to do is get the /Key Exchange/ and /Cipher Strength/
> scores to be 100 percent. I already have a 100 percent grade for the
> /Certificate/ and/Protocol Support/ scores.
> I have no idea how to fix the /Key Exchange/ score, so I need help
> with that.
> I have been trying to change the /Cipher Strength/ score by playing
> with different variations of /SSLCipherSuite/.
> This is my current setting for /SSLCipherSuite/:
> It says in the Apache manual under /SSLCipherSuite/ that MEDIUM is
> "all ciphers with 128 bit encryption." However, when I have set
> !MEDIUM (as shown above) it does not remove the 128bit ciphers as they
> are still listed in the test results. I have tried various settings
> but cannot seem to remove the 128 bit ciphers.I also tried -MEDIUM but
> that did not work either.
> Thanks in advance for any help you can give,
> Tea

David Copeland
JSI Data Systems Limited

View raw message