Correct cipher suites code?

Hi Everyone,

I am trying to copy the strong cipher suites from an existing website to a new website. Its almost there but some of them are not showing up in TLS 1.2 Cipher Suites.

I have these settings for my /etc/httpd/conf.d/ssl.conf file in the server of the new website. Please advise how can I make those highlighted Ciphers from the existing Website to show up in the New Website as well. I think I just have the codes wrong.

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on

My web server is (include version): Apache 2.4.43
The operating system my web server runs on is (include version): CentOS 7
The version of my client is : certbot 1.4.0

Thanks in advanced!


1 Like

Not the answer to your CHACHA-problem, but what’s ARIA128 / ARIA256? My OpenSSL doesn’t recognise it. Perhaps it isn’t compiled in mine, perhaps not in yours too? Seems to be supported, but just doesn’t show up on the default list of my openssl ciphers -v… Found some ARIA ciphers when I just typed openssl ciphers -v ARIA:


It seems OpenSSL doesn’t list the RSA part of the cipher suite when it uses RSA in stead of ECDSA?

Also, when I use your list of cipher suits in openssl ciphers -v, I’m getting the same list as SSLLabs presents on the right. So something is missing. Or incorrect.

If I run openssl ciphers -v | grep CHACHA, I found ECDHE-RSA-CHACHA20-POLY1305

So I guess the hashing parameter isn’t used with regard to CHACHA20…

This list gave me the green cipher suits (disregarding all the orange WEAK cipher suits) you wanted:



Here’s a really useful tool from Mozilla for generating recommended TLS configs in various software. Plug in your Apache and OpenSSL version, pick some other options and it spits out the suggested config.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.