Test SSL Servers and Disable Anonymous Cipher Suites

This is a good site to test your server’s SSL configuration:

Qualys SSL Labs – SSL Server Test

If your server fails, there’s a good chance it is because of this error:

This server supports anonymous (insecure) suites.
TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016)   INSECURE

If you are using cPanel, to fix the issue:

  1. Go to Apache Configuration then click Global Configuration. 
  2. In the SSL Cipher Suite area, click the last radio button so that you can enter a custom configuration.
  3. Enter the following:
    ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL

cPanel Apache SSL Cipher Suite Configuration

The last argument, !aNULL, disables the anonymous suites.
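To confirm a cipher string before pasting it into cPanel, the following added example (not part of the original post) filters `openssl ciphers -V` output for suites with no authentication and prints their IDs in the form the SSL Labs report uses. The function names are hypothetical, the sample lines are constructed, and an `openssl` binary on the server is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# anon_suites: read `openssl ciphers -v` or `-V` output on stdin and print
# "<id> <name>" for every suite whose authentication column is Au=None.
# <id> is written the way the SSL Labs report shows it (0xc016); "-" if absent.
anon_suites() {
    awk '{
        id = "-"; name = 1
        # -V lines start with "0xC0,0x16 - NAME"; -v lines start with NAME
        if ($1 ~ /^0x[0-9A-Fa-f]+,0x[0-9A-Fa-f]+$/ && $2 == "-") {
            split($1, b, ",")
            id = tolower("0x" substr(b[1], 3) substr(b[2], 3))
            name = 3
        }
        for (i = name + 1; i <= NF; i++)
            if ($i == "Au=None") { print id, $name; break }
    }'
}

# check_cipher_string: expand a cipher string with the local openssl binary.
# Returns 0 if no anonymous suite remains, 1 (and lists them) if any does,
# 2 if openssl rejects the string.
check_cipher_string() {
    list=$(openssl ciphers -V "$1") || return 2
    found=$(printf '%s\n' "$list" | anon_suites)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample in `openssl ciphers -V` format (not captured from a server).
sample_output() {
    cat <<'EOF'
          0xC0,0x16 - AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
          0x00,0x3A - ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
          0x00,0x05 - RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
          0x00,0x35 - AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EOF
}

sample_output | anon_suites
# On the server: check_cipher_string 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH:!aNULL'
```

This expands the string with the local OpenSSL build only; rerun the SSL Labs test afterwards to confirm what the live server actually offers.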
