Tweak the AWS SSL configuration to be more secure

Your hosting platform supports a few weak ciphers for SSL which makes it less secure:


This server supports weak Diffie-Hellman (DH) key exchange parameters (

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits   FS   WEAK 256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits   FS   WEAK 256

TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits   FS   WEAK 256

TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits   FS   WEAK 256

TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits   FS   WEAK 128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits   FS   WEAK 128

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits   FS   WEAK 128

TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) DH 1024 bits   FS   WEAK 128

TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits   FS   WEAK 128

  • Joris Witteman
  • Jul 24 2017
  • Martijn Hoppenbrouwer commented
    28 Jul, 2017 12:54pm

    You have my vote - if i had any votes left!
    Very important, especially during the current GDPR rules and the fight between Google and Symantec for example!

  • and 2 more