Trustwave Rapid Response: CrowdStrike Falcon Outage Update. Learn More
Get access to immediate incident response assistance.
Eliminate active threats with 24/7 threat detection, investigation, and response.
Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.
Advance your cybersecurity program and get expert guidance where you need it most.
Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.
Prevent unauthorized access and exceed compliance requirements.
Stop email threats others miss and secure your organization against the #1 ransomware attack vector.
Prepare for the inevitable with 24/7 global breach response in-region and available on-site.
Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.
To disable Diffie-Hellman key exchange, edit the SSL configuration file.
The location of the SSL configs depends on the version of Apache and the customer installation. For example, some Apache 2.2.3 installations have the SSL data in the file /usr/local/apache/conf/extra/httpd-ssl.conf A possible SSL cipher configuration (with explanatory comments) is given below. You should confirm the applicability of this configuration for your environment before applying it.
# Disallow ciphers that are weak (obsolete or # known to be flawed in some way). The use of # an exclamation mark in front of a cipher code # tells Apache never to use it. EXP refers to 40-bit # and 56-bit ciphers, NULL ciphers offer no encryption. # DH refers to Diffie-Hellman key exchange, # and LOW refers to other low strength ciphers. SSLCipherSuite ALL:!EXP:!NULL:!DH:!LOW
To contact Trustwave about this article or to request support: