When we talk about disabling weak ciphers, the first question is what a weak cipher is. Basically, when we send a request over the
HTTPS channel, the request is encrypted by some security algorithm, and security organizations update from time to time the list of ciphers that are weak and easy for a hacker or an intermediate person to decrypt.
Questions that come to mind:
1. Where can we find the list of weak ciphers?
The cipher list is published at https://www.openssl.org/docs/manmaster.man1/ciphers.html
At the above URL you can find the list of weak ciphers.
2. How can we disable those weak ciphers?
Here we again have two questions:
1. When we are the server, we should not allow requests that offer these ciphers.
2. When we send a request to a server that has disabled these ciphers, how can we send our request with these ciphers disabled?
Now let us understand them one by one:
Point 1: First, if we are talking about disabling ciphers at the system level, we can download “IIS Crypto” from “https://www.nartac.com/Products/IISCrypto/Download” and select the appropriate ciphers that you want to disable. Same is used by
So now the question is: when we are using Apache or a Java application, how can we disable these ciphers?
In Java, there is a security file available at
$JAVA_HOME/jre/lib/security, for example, for Java installed on Windows: “C:\java\jdk1.7.0_25\jre\lib\security”, or any customized path where the user installed Java. At the above path open the java.security file and search
and append the ciphers that you want to disable. Save your changes and restart your application, or if that does not work, restart your system as well.
In the same way, if you are implementing a server hosted on Apache, you need to add the ciphers in the
SSL configuration tag. After making those changes, restart the application server.
The most important question is how to check which ciphers are sent in a request. For that you need to download
Wireshark and check the ciphers that are being sent in the request.
Let me share a video that you can refer to in order to see which ciphers you are sending in a request.
I always suggest blocking weak ciphers at the server level.
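For the second question above (sending requests as a client with weak ciphers disabled), the following is an added example, not code from the original post. It lists the cipher suites the JVM would offer in its handshake, which is what Wireshark shows in the request, and restricts one socket to the suites not flagged as weak. The class name `CipherAudit` and the `WEAK_MARKERS` list are assumptions made for illustration; adjust the markers to your own policy.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public class CipherAudit {
    // Assumed policy for this example: suite-name fragments treated as weak
    // (no encryption, anonymous key exchange, export grade, RC4, DES, 3DES, MD5).
    private static final String[] WEAK_MARKERS = {
        "_NULL_", "_ANON_", "_EXPORT", "_RC4_", "_DES_", "_3DES_", "_MD5"
    };

    static boolean isWeak(String suite) {
        String s = suite.toUpperCase(Locale.ROOT);
        for (String marker : WEAK_MARKERS) {
            if (s.contains(marker)) return true;
        }
        return false;
    }

    static String[] strongOnly(String[] suites) {
        List<String> keep = new ArrayList<>();
        for (String suite : suites) {
            if (!isWeak(suite)) keep.add(suite);
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Suites this JVM enables by default, after java.security restrictions apply.
        for (String suite : ctx.getDefaultSSLParameters().getCipherSuites()) {
            System.out.println((isWeak(suite) ? "WEAK  " : "ok    ") + suite);
        }
        // An unconnected socket is enough to show the per-connection setting;
        // no network traffic is generated here.
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            SSLParameters params = socket.getSSLParameters();
            params.setCipherSuites(strongOnly(params.getCipherSuites()));
            socket.setSSLParameters(params);
            System.out.println("Suites offered: " + socket.getEnabledCipherSuites().length);
            // Connecting this socket would now offer only the suites kept above.
        }
    }
}
```

Running it before and after editing java.security shows whether the change took effect in the JVM your application actually uses.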
Your comments are welcome and encourage me to write more posts of this type here. Happy learning 🙂