How to: disable SSL 2.0 and use SSL 3.0
To restrict connections to SSL 3.0 and to ensure strong encryption, we strongly recommend the following configuration for the Apache server's SSL cipher suite settings.
* Use only High and Medium security cipher suites, such as RC4 and RSA.
* Remove from consideration any ciphers that do not authenticate, such as Anonymous Diffie-Hellman (ADH) ciphers.
* Use SSL 3.0, and disable SSL 2.0.
* Disable the Low, Export, and Null cipher suites.
To set these parameters, modify the aliases in the OpenSSL ciphers command (the SSLCipherSuite directive) in the /etc/httpd/conf/httpd.conf file.
1. Stop the Apache server: At a terminal console, enter /etc/init.d/apache2 stop
2. Open the /etc/httpd/conf/httpd.conf file in a text editor, then locate the SSLCipherSuite directive in the Virtual Hosts section:
3. Modify the plus (+) to a minus (-) in front of the ciphers you want to disable and make sure there is a ! (not) before ADH:
4. Save your changes.
5. Start the Apache server: At a terminal console, enter /etc/init.d/apache2 start
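As an added check that is not part of the original how-to, the Python lint below reads an SSLCipherSuite value and reports which of the four rules above it breaks. It walks the OpenSSL cipher string the way the library does (bare or + enables an alias, - removes it, ! removes it for good); the BEFORE and AFTER values are constructed examples in the shape step 3 describes, not lines quoted from the page.

```python
"""Lint an Apache SSLCipherSuite value against the four rules in the how-to.
Alias level only: it does not expand aliases into suites like openssl ciphers -v."""

# Aliases the how-to says to disable, keyed by the name used in the text.
WEAK = {
    "ADH": ("ADH",),                                 # no authentication
    "LOW": ("LOW",),
    "Export": ("EXP", "EXPORT", "EXPORT40", "EXPORT56"),
    "Null": ("eNULL", "NULL"),                       # no encryption
    "SSLv2": ("SSLv2",),                             # SSL 2.0 suites
}
STRONG = ("HIGH", "MEDIUM")                          # aliases it says to keep


def cipher_state(directive):
    """Walk the colon-separated string left to right as OpenSSL does: a bare
    or '+' token enables an alias, '-' removes it (a later token may re-add
    it) and '!' removes it permanently."""
    state = {}
    for token in directive.split(":"):
        prefix = token[0] if token and token[0] in "+-!" else ""
        name = token[len(prefix):]
        if state.get(name) == "killed":
            continue                                 # '!' is final
        state[name] = {"!": "killed", "-": "removed"}.get(prefix, "enabled")
    return state


def audit_cipher_suite(directive):
    """Return a list of findings; an empty list means the value follows the how-to."""
    state = cipher_state(directive)
    broad = state.get("ALL") == "enabled"            # ALL pulls in every alias
    findings = []
    for alias in STRONG:
        if state.get(alias) != "enabled":
            findings.append(f"{alias} suites are not enabled")
    for label, spellings in WEAK.items():
        statuses = [state.get(s, "absent") for s in spellings]
        disabled = any(s in ("removed", "killed") for s in statuses)
        if "enabled" in statuses or (broad and not disabled):
            findings.append(f"{label} suites are still enabled")
    if state.get("ADH") != "killed":
        findings.append("ADH is not excluded with '!', so a later token could re-add it")
    return findings


# Constructed before/after values in the shape step 3 describes (not from the page).
BEFORE = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
AFTER = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:-eNULL"
```

Running `audit_cipher_suite(BEFORE)` lists LOW, Export, Null and SSLv2 as still enabled, while `audit_cipher_suite(AFTER)` returns an empty list.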