I’ve got a one-click app of wordpress running on Ubntu 14.04.1, I’ve upgraded and no matter what I change in the Apache config (with subsequent restart of Apache, or even VM) the cipher suite used never changes when I evaluate the HTTPS connection details from a client.
I greped to find all the instances of SSLCipherSuite in all of/etc/apache2 and the only uncommented specification of what cipher suite to use is my own: SSLCipherSuite AES256+EECDH:AES256+EDH:HIGH
^ Note both defined are 256 bit bulk ciphers, yet no matter if I restart apache or the VM Calomel SSL validation on Firefox
What gives?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
@Jubal
You may want to extend the configuration by adding:
… above the
SSLCipherSuite
directive. What you’d end up with is:…
That being said, I would recommend using what’s provided by https://cipherli.st:
…
It’s important to keep in mind, the ciphers that you list in
SSLCipherSuite
will only be used when they are supported. If the connecting client does not support them, it’ll cause an error.I meant to add that the bulk cipher my client is using to connect to the site is 128 bit AES