I’d like to remove RC4 from the SSL ciphersuite. I tried editing templates/web.ssl.template.yml, because that seems like the likely place, but that file is part of the git repository, so it didn’t seem like something I should edit. Is this something I should override in app.yml, or is there some other place?
Tricky, why do you want to disable it? Should I not disable this for everyone?
You can add a hook after that replaces it out.
SSL Server Test (Powered by Qualys SSL Labs) flags RC4 support as a warning because they consider it insecure. I’m not sure whether it should be disabled for everyone or not, but I would like to disable it for my site.
I might also wish to disable everything below TLS 1.2, but I’m not yet sure that I want to do that.
You could just ./launcher ssh app and change the nginx config manually, but of course an update could overwrite this.
Or use a hook like @sam said.
Ah ok – yeah I was mostly concerned with doing it in a way that wouldn’t get overwritten by an update. How does the hook work? Where would I add that?
We just had a potential customer ask about this and cite this report: SSL Server Test (Powered by Qualys SSL Labs)
So I think we should remove RC4 as a policy, on all our sites and the default Docker image @sam.
Great, that works for me. Thanks!
I just removed RC4 from the template.
@ottumm for future reference:
You can do it by editing app.yml: Advanced Troubleshooting with Docker
It follows the same syntax as the template files.
There’s a pull request you might find handy: