Linode Forum
Linode Community Forums
PostPosted: Tue Sep 22, 2015 3:04 pm 
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Hi all,
I am testing my SSL on Qualys SSL Labs site.

I have a grade B, it says:
This server accepts the RC4 cipher, which is weak. Grade capped to B.

Is there something that I can do to remove RC4 cipher?
Is it safe to remove it? I use the SSL mainly for Email server and apache serving web pages.


PostPosted: Tue Sep 22, 2015 3:15 pm 
Senior Member

Joined: Wed May 13, 2009 1:18 am
Posts: 681
It's not the only such resource, but I use https://wiki.mozilla.org/Security/Server_Side_TLS as my reference, using the intermediate configuration as a cipher list, while retaining decent compatibility. Note that the page is updated over time. That will definitely get you past the RC4 block, though a top grade may depend on other items as well (like HSTS and maybe OCSP stapling).

-- David


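As an added illustration (not David's or Mozilla's own configuration), here is an Apache 2.4 vhost fragment that applies the advice above: the RC4-capable cipher list beside a replacement that excludes RC4, plus the HSTS header and OCSP stapling that SSL Labs also scores. It assumes mod_ssl and mod_headers are loaded; the hostname and certificate paths are placeholders, and the cipher list is illustrative rather than a copy of Mozilla's current intermediate list, which should be taken from their page.

```conf
# Added example, not from the thread. Apache 2.4 with mod_ssl + mod_headers.
# Hostname and certificate paths are placeholders.

<VirtualHost *:443>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key

    # BEFORE (grade capped to B): a catch-all list still offers RC4 suites.
    # SSLProtocol all -SSLv2
    # SSLCipherSuite ALL:!aNULL:!eNULL

    # AFTER: forward-secret suites first, 3DES kept only as a last resort for
    # old clients, and RC4 (with other weak families) removed with "!" so that
    # nothing later in the string can re-add it.
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
    # Server order wins, so a client that also offers 3DES only gets it when
    # it has nothing better.
    SSLHonorCipherOrder on

    # Two of the "other items" SSL Labs scores. HSTS: only once every
    # subdomain is reliably served over HTTPS, since browsers will remember it.
    Header always set Strict-Transport-Security "max-age=15768000"
    # OCSP stapling; the cache must be declared outside the vhost.
    SSLUseStapling on
</VirtualHost>

SSLStaplingCache "shmcb:/var/run/ocsp(128000)"
```

After restarting httpd, re-running the SSL Labs test should show no RC4 suites in the cipher list and no "grade capped" note.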
PostPosted: Tue Sep 22, 2015 3:19 pm 
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
db3l wrote:
It's not the only such resource, but I use https://wiki.mozilla.org/Security/Server_Side_TLS as my reference, using the intermediate configuration as a cipher list, while retaining decent compatibility. Note that the page is updated over time. That will definitely get you past the RC4 block, though a top grade may depend on other items as well (like HSTS and maybe OCSP stapling).

-- David


Hi,
thanks for the answer.

I don't understand, should I disable the RC4 cipher?
If I disable it, what kind of problems may I have?


PostPosted: Tue Sep 22, 2015 3:45 pm 
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
If you disable RC4 ciphers, people who want to use RC4 ciphers to talk to your server will be unable to do so. The Qualys SSL tool shows you what ciphers would be used by common clients to talk to your server, and their RC4 recommendation includes a link with more information on what the change will do and why you would want to do it.

- Les


PostPosted: Tue Sep 22, 2015 3:59 pm 
Senior Member

Joined: Wed May 13, 2009 1:18 am
Posts: 681
sblantipodi wrote:
I don't understand, should I disable the RC4 cipher?
If I disable it, what kind of problems may I have?

I would disable it, yes, it's no longer considered secure, nor really necessary for most clients. If you have a specific requirement to use it, you'd know it and decide how to justify it, but in the absence of that, I'd definitely disable it. It's actually been broken for a while, but stuck around longer than it should have as the lesser of two evils in some cases due to compatibility concerns or practicality of an exploit.

As Les indicated, disabling will block clients that need it, but most have alternatives. It used to be that disabling RC4 would affect a large swath of clients with no other option, but that's not as much of an issue any more. The Mozilla cipher list falls back to 3DES for the really old guys to help with the remaining compatibility, which is far slower, but at least permits the connections. But if such clients are a very large percentage of your connections, that could be a consideration.

Of course, the SSL Labs test isn't necessarily gospel, so if you have a reason for RC4, just accept the B from that specific test.

See also the "RC4 weaknesses" discussion on the Mozilla page, or comments on the SSL Labs site (I think the "capped" warning has a link). If not, enabling the cap was discussed in https://community.qualys.com/blogs/secu ... ation-plan

-- David


PostPosted: Wed Sep 23, 2015 3:04 am 
Senior Member

Joined: Wed May 13, 2009 1:32 pm
Posts: 737
Location: Italy
Is there a possibility that some SMTP server will not be able to deliver mail to my server if I disable RC4?
Is there a possibility that I will lose some email if I disable RC4?

Thanks


PostPosted: Wed Sep 23, 2015 10:01 pm 
Senior Member

Joined: Wed May 13, 2009 1:18 am
Posts: 681
sblantipodi wrote:
Is there a possibility that some SMTP server will not be able to deliver mail to my server if I disable RC4?
Is there a possibility that I will lose some email if I disable RC4?

Thanks

It seems unlikely to me at this point in time, given how long RC4 has been on a deprecation path, but I suppose it's not impossible that some legacy client might have an issue. I don't have a lot of experience operating a public TLS-based SMTP server though. Certainly the SSL Labs test you started with is largely focused on web.

So if you have any doubt, just leave RC4 in your cipher set (probably prefer the more secure ones - e.g., put it at the end) for your SMTPS port. I'd probably still exclude it for the HTTPS port though.

Note that if you're actually operating on the SMTP port (25) and depending on the client to enable encryption with STARTTLS, I suppose leaving RC4 on is an even easier justification since you're already depending on clients to opt in to TLS and you probably don't want to give them any excuse to fail to negotiate a cipher and just use clear text for the email. This assumes you have clients authenticating with your server - if it's just last hop delivery the email has probably already been in clear text on earlier hops.

I don't know how large scale or high value a service it is you're operating, but if it's just your own mail server, I'd probably guess at this point you've probably spent more time considering RC4 than any attacker is likely to try attacking you through any of its weaknesses, so I'd probably just leave it on.

-- David


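As an added example (not David's or the Postfix project's own configuration), here is how the split he describes looks in Postfix: opportunistic STARTTLS on port 25 keeps a permissive cipher list so a peer never falls back to clear text over a cipher mismatch, while the authenticated submission port uses mandatory TLS with RC4 excluded. It assumes a Postfix 2.8 or later install with SASL already set up; the parameter names are Postfix's own, the cipher choices are illustrative.

```conf
# Added example, not from the thread. Postfix 2.8+ with SASL already configured.

# ---- main.cf ----
# Port 25: opportunistic STARTTLS. A peer that cannot agree on a cipher would
# send in clear text, which is worse than RC4, so this list stays permissive
# (the "easier justification" from the post above).
smtpd_tls_security_level = may
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, MD5

# Mandatory-TLS sessions (the submission port below): a handshake failure here
# means a misconfigured or ancient client rather than lost mail, so RC4 goes.
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5

# Use the server's preference order so 3DES is a last resort, not a first pick.
tls_preempt_cipherlist = yes

# ---- master.cf ----
# Submission port for authenticated users: TLS is required, so the
# *_mandatory_* settings above are the ones that apply here.
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

Watch the mail log after the change: TLS handshake failures on port 587 point at a client that needs updating, while on port 25 the peer simply continues without TLS, which is visible as the absence of a "TLS connection established" line for that session.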