Configure Apache SSL Cipher Suites for Best Security

By | 2013/01/25

Apache can be configured to use various SSL cipher suites. For best security, configure Apache's SSL settings to use only the highest-grade ciphers. It has become common practice to also set the server to prefer an RC4-SHA cipher, both for speed (it’s fast!) and as a fix against the BEAST attack.

Google, for example, uses an RC4 cipher by default as its preferred SSL cipher, as do many other shops.

I’ll show you how to configure this in Apache!

On Debian or Ubuntu, edit the following file:

$ sudo nano /etc/apache2/mods-available/ssl.conf

On Red Hat / CentOS, edit this file:

$ sudo nano /etc/httpd/conf.d/ssl.conf

Put in the following configuration, save, then restart Apache:

SSLHonorCipherOrder On

SSLProtocol all -SSLv2
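
A pre-restart check for the two directives above, added here as an example and not part of the original post: it reads the last uncommented SSLHonorCipherOrder and SSLProtocol lines from a config file and fails if server ordering is not on or SSLv2 is not ruled out. The function names are hypothetical, the file is treated as one flat scope, and "all" is assumed to include SSLv2.

```shell
# Added example (not from the original post). Simplification: the file is read
# as one flat scope; <VirtualHost> blocks and Include files are not followed.

# Print, lowercased, the arguments of the last uncommented occurrence of the
# directive named in $1 (given in lowercase) in file $2.
last_directive() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); val = tolower($0) }
        END { print val }
    ' "$2"
}

# Succeed when the SSLProtocol tokens in "$@" leave SSLv2 disabled. Tokens apply
# left to right: "+x" adds, "-x" removes, a bare token replaces the whole set.
# Assumption: "all" includes SSLv2 (worst case). No tokens at all is a failure.
sslv2_disabled() {
    state=unset
    for tok in "$@"; do
        case $tok in
            all|+all|sslv2|+sslv2) state=on ;;
            -all|-sslv2)           state=off ;;
            [+-]*) if [ "$state" = unset ]; then state=off; fi ;;
            *)                     state=off ;;
        esac
    done
    [ "$state" = off ]
}

# Report both settings for config file $1; return 0 only when both are in place.
check_ssl_conf() {
    rc=0
    order=$(last_directive sslhonorcipherorder "$1")
    proto=$(last_directive sslprotocol "$1")
    if [ "$order" = on ]; then
        echo "ok:   SSLHonorCipherOrder on"
    else
        echo "FAIL: SSLHonorCipherOrder is '${order:-unset}'"; rc=1
    fi
    if sslv2_disabled $proto; then   # unquoted on purpose: split into tokens
        echo "ok:   SSLProtocol '$proto' leaves SSLv2 off"
    else
        echo "FAIL: SSLProtocol '${proto:-unset}' does not rule out SSLv2"; rc=1
    fi
    return $rc
}

# Demo on a constructed copy of the two lines above; pass a real path as $1.
sample=$(mktemp); printf 'SSLHonorCipherOrder On\n\nSSLProtocol all -SSLv2\n' > "$sample"
check_ssl_conf "${1:-$sample}"; rm -f "$sample"
```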