Due to a monitored security vulnerability on the TIM web server, it is required to remove weak cipher suites from the web server i.e. those with less than 128-bit encryption.
Take a backup of the file:
/opt/CA-httpd-2.2.22/conf.d/ssl.conf (/etc/httpd is a also symbolic link to /opt/CA-httpd-2.2.22).
In that file, edit the default SSL Cipher Suite setting as follows:
After making this change, reload the httpd configuration by running:
"service httpd reload"
You can verify the before and after change impact by running the openssl command:
openssl s_client -connect HOSTNAME:443 -cipher LOW:EXP
Before the change the result should be:
Verify return code: 18 (self signed certificate)
After the change the result should be an error:
17484:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert