httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tea Wrex <>
Subject [users@httpd] SSLCipherSuite and SSL Key Exchange
Date Wed, 07 Dec 2016 11:19:05 GMT
I have been using the Qualys SSL Labs SSL Server Test
<> to test my SSL implementation.
It scores an SSL server using the criteria located in the SSL Server Rating
Guide <>. I'm
trying to make the SSL as secure as possible. I have a 4096 bit
certificate. My server currently gets an A+ rating because I have enabled
HTTP Strict Transport Security (HSTS) with long duration. (More info on
correctly configuring SSL can be found here

What I am trying to do is get the *Key Exchange* and *Cipher Strength*
scores to be 100 percent. I already have a 100 percent grade for the
*Certificate* and* Protocol Support* scores.

I have no idea how to fix the *Key Exchange* score, so I need help with

I have been trying to change the *Cipher Strength* score by playing with
different variations of *SSLCipherSuite*.

This is my current setting for *SSLCipherSuite*:


It says in the Apache manual under *SSLCipherSuite* that MEDIUM is "all
ciphers with 128 bit encryption." However, when I have set !MEDIUM (as
shown above) it does not remove the 128bit ciphers as they are still listed
in the test results. I have tried various settings but cannot seem to
remove the 128 bit ciphers.I also tried -MEDIUM but that did not work

Thanks in advance for any help you can give,


View raw message