AnsweredAssumed Answered

Disabled RC4 and Qualys SSL Test still says I have it enabled

Question asked by Patrick Huynh on Dec 27, 2016
Latest reply on Dec 27, 2016 by j-mailor

I would like some help on my Apache CentOS 7 website. I don't know why it still has RC4 enabled when it is already disabled. Maybe I still have it enabled. So this is my configuration for my web server. (/etc/httpd/conf.d/ssl.conf)

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on 

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 \
EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 \
EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

If anyone could provide me a new code for SSLCipherSuite, that'd be great. Also I wanted to point out
that these are the errors I'm receiving on the Qualys SSL Test.

First problem image

Second problem image

If anyone can reply to this, I would appreciate it so much!!

Outcomes