Updated SSLCipherSuite String

Chrome has been complaining “Your connection to website is encrypted with obsolete cryptography”.  I made a change to my SSLCipherSuite string located at /etc/apache2/mods-available/ssl.conf to fix this.

Chrome would like you to be using anything with a higher hash than SHA1 and using GCM instead of CBC suites.[1]  For a simple fix, we can move the one Chrome currently prefers to the top of the list:


This will be fine until Chrome (and other browsers) support AES256-GCM-SHA384. If you don’t mind a longer string and would like to future-proof now, you can change your string to:


Make sure you have SSLHonorCipherOrder set to on:

SSLHonorCipherOrder on

[1] http://security.stackexchange.com/a/83891