https://www.ssllabs.com

SSL LABS has a SSL server test, checking https://luisaranguren.com on it made me realize it wasn’t doing too bad but there was some room for improvement. Overall rating was 64 “C”. Scored 100 except on protocol support, because I was still using SSL v2, which is deemed insecure and 40 in key exchange.

First step is to modify to protocol support, for that I changed the httpd-ssl.conf file to:

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#By Luis Aranguren 2011-12-12
#ssllabs.com suggestions/test
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:+eNULL

Thus removing the SSLv2 support with !SSLv2 and removing all low strength ciphers with !LOW. Just those two changes increase my score to 85 “A”. With protocol support to 85 and Key Exchange to 80. This only removed the ciphers from the protocol and not the protocol itself, so I need to add the following to the same file:

SSLProtocol ALL -SSLv2

This removed the protocol, but did not improve the score.