How to Set SSL Ciphers and update OpenSSL for PCI Compliant (Apache)

SSL Cipher Settings (PCI Compliant) If you going to use SSL for your site, make sure that you disable low level ciphers. To do this, simply edit: #/etc/httpd/conf.d/ssl.conf SSLProtocol -ALL +SSLv3 +TLSv1 SSLHonorCipherOrder On SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RCA4+RSA:+HIGH:!LOW:!MEDIUM #Save the file and restart the apache service httpd restart #check to see if the settings are working openssl […]

How to Remove Apache Header

Removing Apache Header Some third party scanners gives a warning about having the Apache server name to be public. One of the main reasons to hide this is to give hackers a hard time to guess what web servers you are using. Giving out your Apache version and your OS can let hackers quickly search […]