Disable RC4

Where do I turn off RC4 server-wide in SSL?

Status: Active

Comments

Howdy -- there's a variety of ways to do that, and which to use depends on what browsers you wish to support.

In general, the goal is to add a "SSLCipherSuite" line to /etc/httpd/conf/httpd.conf, and ensure that it contains ":!RC4:", meaning no RC4.

One such example I saw in the Qualys forums would be to use "HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH" as your SSLCipherSuite.
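
An added example, not part of the reply above: a small Python check that scans Apache configuration text for every active SSLCipherSuite directive, including ones inside virtual hosts that override the server-wide line, and reports whether each contains the "!RC4" exclusion. The function names and the sample configuration are constructed for illustration.

```python
import re

# mod_ssl directive; the optional first argument is the protocol specifier.
DIRECTIVE = re.compile(
    r'^\s*SSLCipherSuite\s+(?:(?:SSL|TLSv1\.3)\s+)?"?([^"\s]+)"?', re.IGNORECASE)

def rc4_status(cipher_string):
    """Classify an OpenSSL cipher string by how it treats RC4."""
    tokens = [t.upper() for t in re.split(r"[:, ]+", cipher_string) if t]
    if "!RC4" in tokens:
        return "excluded"        # "!" removes RC4 and blocks re-adding it
    if any("RC4" in t and t[0] not in "!-" for t in tokens):
        return "listed"          # RC4 suites are named explicitly
    return "not-excluded"        # depends on what the other keywords expand to

def audit(conf_text):
    """Return (line_number, cipher_string, status) per active directive."""
    findings = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)  # commented-out lines do not match
        if match:
            findings.append((number, match.group(1), rc4_status(match.group(1))))
    return findings

# Constructed sample config, not taken from a real server.
SAMPLE_CONF = """\
SSLCipherSuite HIGH:!aNULL:!eNULL:!kECDH:!aDH:!RC4:!3DES:!CAMELLIA:!MD5:!PSK:!SRP:!KRB5:@STRENGTH
<VirtualHost *:443>
    # SSLCipherSuite RC4-SHA
    SSLCipherSuite "ALL:!aNULL:!eNULL"
</VirtualHost>
<VirtualHost *:8443>
    SSLCipherSuite RC4-SHA:HIGH:!aNULL
</VirtualHost>
"""

if __name__ == "__main__":
    for number, ciphers, status in audit(SAMPLE_CONF):
        print(f"line {number}: {status:12} {ciphers}")
```

Any directive not reported as "excluded" needs ":!RC4" added to its cipher string, followed by a configuration reload.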