If your main quest is to harden Cipher Suite, something like
that is quite good :
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
you should remove SSLv2 as it as weakness.
Jerome
Qingshan Xie a écrit :
>I am using Apache 2.0.54 with.
All,
I am using Apache 2.0.54 with. The default
SSLCipherSuite is
SSLCipherSuite
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
In this CipherSuite, I observed nearly all
browsers(IE, Netscape, Firefox) select RC4. Tried to
change it to 3DES, like
SSLCipherSuite
ALL:!ADH:3DES+RS
