Hello Security Expert.

I am running an application in apache using mod_ssl. A quick scan has revealed that the server supports CBC ciphers , RC4 for TLSv1, RC4 for SSLv3, weak MAC for SSLv3 and weak MAC for TLSv1.

My first approach after lots of google search is to this is to do the following:

I am not really sure whether this is in the right direction. I need some advice please. Thanks in advance

See http://httpd.apache.org/docs/2.0/mod...oxyciphersuite or https://www.sslshopper.com/article-h...in-apache.html and then test it.

Also please note ...

In most cases, "penetration of a cipher system" rarely-if-ever occurs due to the theoretical "weakness" of the cipher system. Instead, it occurs due to "other factors." Such as ... a pistol being pointed at the young daughter of the father who possesses the key, or ... a functional weakness in the key management/negotiation system.

The SSL protocol, like all other such modern cipher systems, employs public-key infrastructure (PKI) to negotiate a "one-time, random, session key" that is subsequently used in a conventional ("asymmetric") encryption algorithm. Also by design, it enables the two parties to negotiate which particular algorithm will be used.

So, "the algorithm, whatever-it-is," and "the key, whatever-it-is," will only be used once, for this particular exchange, which is of a finite length. (The protocol also provides for periodic re-negotiation, if necessary.) Therefore, even a "theoretically 'weak(er)'" algorithm is likely to be pragmatically sufficient, because it is being used in a strong way.

Hello All,

Thanks for your answer. I will test and revert