How do I disable weak SSL cyphers and SSLv2?
NOTE: We shall soon change the default configuration to disable SSLv2 and weak cyphers by default. The following information was correct with respect to all publicly-released JumpBoxes as of April 13, 2010. Changing this configuration is easy, but requires some basic UNIX skills, such as text editing and using the shell. To disable weak SSL cyphers and SSLv2 on a JumpBox, perform the following steps: • If the JumpBox does not already have SSH enabled, enable it by following this FAQ. • SSH in to the JumpBox, then run sudo nano /etc/apache2/mods-enabled/ssl.conf (or use vi.) You will be prompted for your admin password. • Uncomment line 55 (which reads SSLCipherSuite HIGH:MEDIUM:!ADH). • Uncomment line 58 (which reads SSLProtocol all -SSLv2). • Save the file and exit the editor. • Run the following command: sudo /etc/init.d/apache2 restart After Apache has finished restarting, the configuration will be as desired.
