Prevent Logjam in Apache 2.2 on CentOS 6

Disable support for export cipher suites.

Configuration

Set the following SSL parameters within virtual hosts and reload the webserver:

SSLProtocol all -SSLv2 -SSLv3

SSLCipherSuite AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder on

References

https://weakdh.org/sysadmin.html

Leave a Reply

Your email address will not be published. Required fields are marked *