I am trying to disable all the weak CBC ciphers that are enabled on my Apache server in my AWS EC2 instance (AMI: Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type - ami-00eb20669e0990cb4). I have already disabled TLS 1.0 and 1.1. Here is the result of my SSL scan:
I followed the directions under the section "To modify the list of allowed ciphers"here and also followed the directions found here. Here are the relevant lines from my /etc/httpd/conf.d/ssl.conf file:
No matter what changes I make to my SSLCipherSuite and SSLProxyCipherSuite, I see no changes in the supported ciphers after restarting Apache and clearing my cache and rerunning the SSL scan.
Is there something I'm missing here?