Apache disable TLS_RSA_WITH_3DES_EDE_CBC_SHA after LetsEncrypt
This guide is for Apache but might be similar for other web servers
If you've just installed Let's Encrypt certificates with Certbot on your web server and ran SSL Server Test, you might have warning saying your server supports TLS_RSA_WITH_3DES_EDE_CBC_SHA
.
To drop support for this protocol you must
- Open
/etc/letsencrypt/options-ssl-apache.conf
- Delete
:DES-CBC3-SHA
from theSSLCipherSuite
line. - Restart apache
sudo service apache2 restart
Also, here is the default conf file
https://github.com/certbot/certbot/blob/master/certbot-apache/certbot_apache/options-ssl-apache.conf