1
0
In Apache 2.4, my vhost include the following :
SSLCertificateFile /etc/letsencrypt/live/qualification.teamagora.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/qualification.teamagora.com/privkey.pem
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM
SSLHonorCipherOrder on
SSLCompression off
which should deactivates RC4 ciphering...
Neverthelless, SSLLabs shows that the following ciphering is available !
TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) INSECURE 128
Where can I deactivate RC4 completely ?
Why is the vhost configuration file not taken into account (I did service apache2 restart)
It's not nice to start a bounty and then abandon it. – harrymc – 2017-09-10T09:38:21.270