How to Disable Weak Ciphers as Time and Business Demand, so That a Hacker Is Not Able to Decrypt Easily
Overview of weak ciphers
When we talk about disabling weak ciphers, the first question is what a weak cipher is. Basically, when we send requests over the
HTTPS channel, our request is encrypted by some security algorithm, and security organizations from time to time update the list of ciphers that are weak and easy for a hacker or an intermediate person to decrypt.
The questions raised in our mind:
1. Where can we find the list of weak ciphers?
To find the weak cipher list, a list is published at https://www.openssl.org/docs/manmaster.man1/ciphers.html
At the URL given above, you can find a list of weak ciphers.
2. How can we disable those weak ciphers?
Here we again have two questions:
1. When we are the server, we should not allow requests in which these ciphers are offered.
2. When we are sending a request to a server that has disabled these ciphers, how can we send our request after disabling these ciphers?
Now let us understand them one by one:
Point 1: Let me first explain that if we are talking about disabling ciphers at the system level, we can download “IIS Crypto” from “https://www.nartac.com/Products/IISCrypto/Download” and select the ciphers that we want to disable. Same is used by
So the next question is: when we are using Apache or a Java application, how can we disable these ciphers?
In Java, there is a security file that is available at
$JAVA_HOME/jre/lib/security, for example for Java installed on Windows at the path “C:\java\jdk1.7.0_25\jre\lib\security”, or at any customized path where the user installed Java. At the above path, open the java.security file and search
and append the cipher that you want to disable. Save your changes and restart your application; if that does not work, restart your system as well.
In the same way, if you are implementing a server that is hosted on Apache, you need to add the cipher in
the SSL configuration tag. After making those changes, restart the application server.
The most important question is how you will check which ciphers are sent in the request. For that, you need to download
Wireshark and check the ciphers that are being sent in a request.
Let me share with you a video that you can refer to in order to see which ciphers you are sending in a request.
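As an added example that is not part of the original post, the Python script below reads the same ClientHello field that Wireshark displays as "Cipher Suites" and reports the weak suites a client offers. The suite table, the weak-name markers and the sample record are constructed for illustration.

```python
import struct

# Constructed subset of the IANA TLS cipher suite registry, enough for the demo.
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
# Assumption for this example: name fragments treated as weak.
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_NULL_", "_EXPORT_", "_MD5")

def offered_suites(record):
    """Return the cipher suite IDs offered in one TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 41 or body[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    pos = 4 + 2 + 32              # handshake header, client_version, random
    pos += 1 + body[pos]          # skip the session_id vector
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    raw = body[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [v for (v,) in struct.iter_unpack("!H", raw)]

def weak_offered(record):
    """Names of offered suites that match a weak marker, in offer order."""
    names = [SUITES.get(i, "UNKNOWN_0x%04X" % i) for i in offered_suites(record)]
    return [n for n in names if any(m in n for m in WEAK_MARKERS)]

def build_sample(ids):
    """Constructed ClientHello (empty session id, no extensions) for the demo."""
    suites = b"".join(struct.pack("!H", i) for i in ids)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    sample = build_sample([0xC02F, 0x0005, 0x000A, 0x002F])
    for name in weak_offered(sample):
        print("weak suite offered:", name)
```

Suite IDs missing from the table are reported as UNKNOWN_0x.... and are not flagged, so extend the table before relying on the result.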
I always suggest blocking weak ciphers at the server level.
Your comments are welcome and encourage me to write more posts of this type here. Happy learning 🙂