How to disable RC4 cipher suite on an Apache server<\/p>\n\n\n\n
Checking the configuration with Qualys SSL Labs, the results page shows “This server accepts the RC4 cipher, which is weak. Grade capped to B.”
This is a very common issue on old versions of Apache like 2.2.X
So, we need to disable the RC4 to avoid the week cipher suite being used.<\/p>\n\n\n\n
Locate your ssl.conf and try below settings.
First, change SSLHonorCipherOrder from off to on. It is default to off so you may have to add a new line if you cannot find this line on your ssl.conf file.<\/p>\n\n\n\n
SSLHonorCipherOrder on<\/em><\/p>\n\n\n\n And then, the default cipher suits need to be modified.<\/p>\n\n\n\n SSLCipherSuite, default cipher suits look like below, adding a # to comment it out.<\/p>\n\n\n\n # SSLCipherSuite ALL:!aNULL:!ADH:!DH:!EDH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM<\/em><\/p>\n\n\n\n Replace with below to disable the RC4 In addition,<\/p>\n\n\n\n You may want to disable SSLv2 and SSLv3 as well. Both are not safety anymore. SSLProtocol ALL -SSLv2 -SSLv3<\/em><\/p>\n\n\n\n Restart apache and then all done.<\/p>\n\n\n\n Visit https:\/\/www.ssllabs.com\/ssltest\/<\/a> again to confirm the RC4 warning is gone\u2026<\/p>\n","protected":false},"excerpt":{"rendered":" How to disable RC4 cipher suite on an Apache server Checking the configuration with Qualys SSL Labs, the results page shows “This server accepts the RC4 cipher, which is weak. Grade capped to B.”This is a very common issue on old versions of Apache like 2.2.XSo, we need to disable the RC4 to avoid the Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[104,5],"tags":[],"class_list":["post-742","post","type-post","status-publish","format-standard","hentry","category-apache","category-linux"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/742","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=742"}],"version-history":[{"count":0,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/742\/revisions"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
SSLCipherSuite kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!DES:!EXP:!SEED:!IDEA:!3DES<\/em><\/p>\n\n\n\n
Find the line of SSLProtocol, change it like below.<\/p>\n\n\n\n