[Ach] Disabling anonymous ciphers
Christian Rishøj
christian at rishoj.net
Mon Jan 6 12:12:10 CET 2014
Hi,
Using the SSLCipherSuite and SSLProtocol directives from https://github.com/BetterCrypto/duraconf/blob/master/configs/apache2/https-hsts.conf, my Apache server scores "F" on https://www.ssllabs.com/ssltest/analyze.html, with the reason
> This server supports anonymous (insecure) suites (see below for details). Grade set to F.
The anonymous ciphers are:
TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)
TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)
TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016)
Did I screw up? If not, I think the guide could use either a correction or an explanation.
Best,
Christian