Disabling Diffie-Hellman on Apache Servers
You can edit keyword strings in the ssl.conf or httpd.conf files to disable Diffie-Hellman on Apache Servers.
About this task
This task provides the procedure to disable Diffie-Hellman on Apache Servers by editing the SSLCipherSuite config option string in the ssl.conf or httpd.conf files.
Procedure
- In Apache's conf directory, locate the file ssl.conf or httpd.conf.
- Look for the SSLCipherSuite keyword string value. To disable Diffie-Hellman, insert "!EDH:!DHE:!DH:!ECDH" after the "ALL:" in the cipher spec. This is an example; make sure your cipher spec excludes all the variants of Diffie-Hellman so that it is disabled on your web server. For additional information, see https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite
- Repeat this edit in every SSL config section, if you are not using one global section.
- Save the file.
- Restart the web server for the changes to take effect.
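
One way to confirm the edit reached every SSL config section, as an added example that is not part of the original procedure: the function below lists each SSLCipherSuite directive in a file that lacks any of the four exclusions. The function name check_dh_disabled and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not vendor code: report SSLCipherSuite directives that lack
# any of the Diffie-Hellman exclusions named in the procedure.
REQUIRED='!EDH !DHE !DH !ECDH'

# check_dh_disabled FILE  (hypothetical helper name)
# Prints "FILE:LINE: missing ..." for each incomplete directive.
# Returns 0 if every directive has all exclusions, 1 if any lacks one,
# 2 if the file has no SSLCipherSuite directive at all.
check_dh_disabled() {
    awk -v req="$REQUIRED" '
        BEGIN { n = split(req, want, " "); bad = 0; seen = 0 }
        /^[ \t]*#/ { next }                          # ignore commented-out lines
        tolower($1) == "sslciphersuite" {            # directive names are case-insensitive
            seen = 1
            spec = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", spec)    # drop the directive name
            gsub(/"/, "", spec)                      # drop optional quotes
            split("", have)                          # reset the token set per directive
            m = split(spec, tok, /[: ,\t]+/)
            for (i = 1; i <= m; i++) have[tok[i]] = 1   # exact tokens: "!DHE" is not "!DH"
            missing = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) missing = missing " " want[i]
            if (missing != "") {
                printf "%s:%d: missing%s\n", FILENAME, FNR, missing
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit bad }
    ' "$1"
}

# Constructed sample: the second section was not edited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    SSLCipherSuite ALL:!EDH:!DHE:!DH:!ECDH:!aNULL
</VirtualHost>
<VirtualHost *:8443>
    SSLCipherSuite ALL:!DHE:!aNULL
</VirtualHost>
EOF
check_dh_disabled "$sample" || echo "status $?: edit the sections listed above"
rm -f "$sample"
```

The check inspects configuration text only, so run it against every file that holds an SSL section; it does not follow Include directives or backslash line continuations.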