To change the grade of encryption used with Apache on Mac OS X Server, follow these steps:
1. Open Terminal (/Applications/Utilities/).
2. Type: sudo pico /etc/httpd/httpd_macosxserver.conf
3. Press Return.
4. Enter your administrator password when prompted, and press Return. The httpd_macosxserver.conf file opens in the pico text editor.
5. Review the guidelines at the top of this file. Be sure to follow these when editing.
6. Use the arrow keys to scroll down to the SSLCipherSuite directives. There will be one for each virtual host. By default it looks like this:
SSLCipherSuite "RSA:-HIGH:-MEDIUM:-LOW:+EXP"
7. Modify this directive as necessary to provide the desired level of encryption. Examples:
- To require strong encryption:
SSLCipherSuite HIGH:MEDIUM
- To use the default cipher, but remove the no-longer-recommended SSLv2:
ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:!SSLv2:+EXP:+eNULL
- One way to add stronger encryption would be to change it to the following:
SSLCipherSuite "ALL"
8. Press Control-O to save the file, and Return to confirm.
9. Press Control-X to exit pico.
10. Restart Apache.
Notes
Important: Mention of third-party Web sites is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party Web sites. Apple provides this information only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are dangers inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that Web site.