paul@crc

Q: Unable to disable RC4 after upgrading to Server 5.0.x

I was able to add the string "!RC4:" to the SSLCipherSuite and disable RC4 completely. Now after Server 5 and the addition of the *34543.conf and *34580.conf files in /Library/Server/Web/Config/apache2/sites/ I am unable to disable !RC4. I add the line back in to all the *34543.conf files and the 443.conf files and nothing. I also looked at the httpd-ssl.conf in etc/apache2/extra/ and it shows !RC4: already entered.

 

How do I disable RC4 with the new Server 5.0.x version?

 

I am running Mac OSX 10.10.5 and Server 5.0.4.

Xserve, OS X Server

Posted on Sep 28, 2015 1:27 PM

Close

Q: Unable to disable RC4 after upgrading to Server 5.0.x

  • All replies
  • Helpful answers

  • by thdelany,

    thdelany thdelany Feb 19, 2016 2:18 PM in response to paul@crc
    Level 1 (0 points)
    Feb 19, 2016 2:18 PM in response to paul@crc

    Running OS/X Server 5.0.15 on El Capitan 10.11.3, in:

     

    /Library/Server/Web/Config/apache2/sites

     

    I found a file named 0000_any_8084_<site_name>.conf (where <site_name> was the actual site URL).  I modified the "SSLCipherSuite" entry in this file and changed where it said "!EXP:RC4+RSA:" to "!RC4:"

     

    I am using a custom port with my site (not the default web site/port 443), hence the 8084 in the file name.  This appears to have done the trick for me.

     

    Tom

  • by somelucky2,

    somelucky2 somelucky2 Mar 18, 2016 2:02 PM in response to paul@crc
    Level 1 (10 points)
    Mar 18, 2016 2:02 PM in response to paul@crc

    I had this same issue.

     

    Modify this file:


    /Library/Server/Web/Config/Proxy/servermgr_serviceproxy_customsites.plist

     

    Restart the service:

    sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/serviceproxyctl restart

     

     

    ref: https://codedmemes.com/lib/cipher-suites-forward-secrecy/