SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Here is what you have to do to make it secure.
SSLProtocol all -SSLv2
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!EXP:!MD5:!NULL
SSLHonorCipherOrder on
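The following script is an added example, not part of the original post or of Apache itself: a small offline sanity check that parses a mod_ssl configuration fragment and reports whether it still offers the cipher families the post tells you to exclude (eNULL, aNULL, export, LOW, MD5, SSLv2 suites), whether SSLv2 is still enabled, and whether SSLHonorCipherOrder is on. It deliberately goes one step beyond the post: RC4 suites and the SSLv3 protocol, which the post's hardened line still allows, are reported as warnings because later guidance (RFC 7465 for RC4, the POODLE attack for SSLv3) retired both. The parsing is a heuristic, not a full OpenSSL cipher-string evaluator, and it assumes Apache 2.2 semantics where "all" in SSLProtocol includes SSLv2; the two sample fragments are the post's own weak and hardened lines, embedded as constructed input.

```python
"""Static sanity check for Apache mod_ssl settings (added example, heuristic only)."""
import re

# Cipher-string families the post says a secure server must not offer.
# canonical name -> OpenSSL aliases (and suite-name prefixes) that select it
WEAK_FAMILIES = {
    "eNULL": ("eNULL", "NULL"),
    "aNULL": ("aNULL", "ADH"),
    "EXP": ("EXP", "EXPORT", "EXPORT40", "EXPORT56"),
    "LOW": ("LOW",),
    "MD5": ("MD5",),
    "SSLv2": ("SSLv2",),
}
# Families retired by guidance newer than the post (RFC 7465); reported as warnings.
LEGACY_FAMILIES = {"RC4": ("RC4",)}
PROTOCOLS_ALL = ("sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2")

# Constructed sample input: the weak default and the post's hardened configuration.
WEAK_DEFAULT = "SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\n"
HARDENED = (
    "SSLProtocol all -SSLv2\n"
    "SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!EXP:!MD5:!NULL\n"
    "SSLHonorCipherOrder on\n"
)


def parse_directives(text):
    """Return {directive: value} for the SSL* lines of a config fragment (comments stripped)."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(SSL\w+)\s+(.+)", line)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found


def enabled_protocols(value):
    """Expand an SSLProtocol value into the set of enabled protocols.
    Assumption: 'all' includes SSLv2, as in Apache 2.2 (the version the post's fix targets)."""
    enabled = set()
    for tok in value.split():
        op, name = (tok[0], tok[1:].lower()) if tok[0] in "+-" else ("+", tok.lower())
        names = set(PROTOCOLS_ALL) if name == "all" else {name}
        enabled = enabled | names if op == "+" else enabled - names
    return enabled


def cipher_families(value):
    """Heuristic split of an SSLCipherSuite string into (listed, excluded) alias sets.
    '!X' excludes X permanently; 'ALL' implicitly lists every family except eNULL;
    '-X' (removable) tokens are ignored, so the check errs toward reporting."""
    listed, excluded = set(), set()
    for tok in value.split(":"):
        if tok.startswith("!"):
            excluded.add(tok[1:])
        elif not tok.startswith("-"):
            listed.update(tok.lstrip("+").split("+"))
    if "ALL" in listed:
        for fam, aliases in list(WEAK_FAMILIES.items()) + list(LEGACY_FAMILIES.items()):
            if fam != "eNULL":
                listed.update(aliases)
    return listed, excluded


def _selects(listed, alias):
    """True if a listed token is the alias itself or a suite name it prefixes (e.g. RC4-SHA)."""
    return any(p == alias or p.startswith(alias + "-") for p in listed)


def check_ssl_config(text):
    """Return {'errors': [...], 'warnings': [...]} for a mod_ssl config fragment."""
    d = parse_directives(text)
    errors, warnings = [], []
    protos = enabled_protocols(d.get("SSLProtocol", "all"))  # Apache's default is 'all'
    if "sslv2" in protos:
        errors.append("SSLProtocol allows SSLv2")
    if "sslv3" in protos:
        warnings.append("SSLProtocol allows SSLv3 (later guidance)")
    listed, excluded = cipher_families(d.get("SSLCipherSuite", "ALL"))  # default starts with ALL
    for fam, aliases in WEAK_FAMILIES.items():
        if any(_selects(listed, a) and a not in excluded for a in aliases):
            errors.append(f"SSLCipherSuite allows {fam} ciphers")
    for fam, aliases in LEGACY_FAMILIES.items():
        if any(_selects(listed, a) and a not in excluded for a in aliases):
            warnings.append(f"SSLCipherSuite allows {fam} ciphers (later guidance)")
    if d.get("SSLHonorCipherOrder", "off").lower() != "on":
        errors.append("SSLHonorCipherOrder is not on (the client picks the cipher)")
    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    for label, cfg in (("weak default", WEAK_DEFAULT), ("hardened", HARDENED)):
        print(label, check_ssl_config(cfg))
```

Running it shows the default line failing on every family the post names plus the missing SSLHonorCipherOrder, while the post's hardened fragment produces no errors and only the two later-guidance warnings. Treat the script as a pre-commit check; the authoritative verdict still comes from testing the live server, since the ciphers actually negotiated depend on the OpenSSL build behind Apache.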
If you are in doubt, you can use SSL Labs' free service to find out whether your SSL server is secure enough.
You will be amazed how many websites are vulnerable to man-in-the-middle (MITM) attacks simply because some people still think it is enough to buy a signed certificate. What is perhaps even sadder is that some people were surprised by the recent DigiNotar hack, yet if you actually run the test for www.diginotar.com you will see it rated "D" because it accepts weak ciphers and still supports the insecure SSL 2.0. At the time of this writing that is still the case (https://www.ssllabs.com/ssldb/analyze.html?d=www.diginotar.com). Below are the results I just got:
Please do yourself a favor and make sure your website is hosted on an "A"-rated SSL host.