I'm trying to update SSL settings for a testing server running CentOS 6.4, but after updating the SSL cipher suites, Apache won't start.
Configuration file location: /etc/httpd/conf.d/ssl.conf
Restart command as root: service httpd restart
Originally (works):
SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP
Updated (doesn't work):
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!SSLv3:!EXP
I enabled the httpd LogLevel to debug, and below is what I see.
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[info] Init: Seeding PRNG with 256 bytes of entropy
[info] Init: Generating temporary RSA private keys (512/1024 bits)
[info] Init: Generating temporary DH parameters (512/1024 bits)
[info] Init: Initializing (virtual) servers for SSL
(stops here)
I checked the virtualhost configuration on this server, and it just has a copy of the production server's configuration file. I'm unsure if it's relevant.
Any idea how to resolve this issue? On a side note, is it necessary to update both SSLProtocol and SSLCipherSuite?