How to disable SSLv3 and RC4 ciphers in eHealth web server
search cancel

How to disable SSLv3 and RC4 ciphers in eHealth web server


Article ID: 93234


Updated On:


CA eHealth


Security scans reveal use of unsupported protocols for the environment. Specifically the SSLv3 and RC4 Ciphers.

They must be disabled, or the server will be shut down and locked out of the network due to the potential security vulnerabilities the working protocol presents.


All supported eHealth releases


Use -strongCipher option with the nhWebProtocol command.

nhWebProtocol -mode https -hostname <serverHostName> -port <WebServerPort> -strongCipher 

If not using SSL, set the -mode to http. 
Replace <serverHostName> with the servers real host name. 
Replace <WebServerPort> with the web servers port. 

This will trigger a re-write of the $NH_HOME/web/httpd/httpd.tpl file. Within we should see protocols disabled after having a leading exclamation point (!) character added to the protocol entry.

It should look something like this in the file:

Additional Information

Support recommends a web server services restart after this change, though it isn't a required step.