cURL / Mailing Lists / curl-users / Single Mail

curl-users

How to permanently disable ciphers in curl command line.

From: Spork Schivago <sporkschivago_at_gmail.com>
Date: Fri, 15 Jul 2016 14:11:22 -0400

Hello,

I'm sorry if this is a dumb question. I'm running a Virtual Private Server
(VPS) that has CentOS 6.8 Final on it. curl is version 7.19.7
(x86_64-redhat-linux-gnu). I run this command to get an idea of what
ciphers are installed:

curl https://www.howsmyssl.com/a/check

And I see this response:

{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_DHE_DSS_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE_DSS_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_RC4_128_SHA","TLS_RSA_WITH_RC4_128_MD5","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA","TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA","TLS_RSA_WITH_3DES_EDE_CBC_SHA"],"ephemeral_keys_supported":true,"session_ticket_supported":false,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_splitting":false,"insecure_cipher_suites":{"TLS_RSA_WITH_RC4_128_MD5":["uses
RC4 which has insecure biases in its
output"],"TLS_RSA_WITH_RC4_128_SHA":["uses RC4 which has insecure biases in
its output"]},"tls_version":"TLS 1.2","rating":"Bad"}

It's those last two that really worry me. The TLS_RSA_WITH_RC4_128_MD5
cipher and the TLS_RSA_WITH_RC4_128_SHA cipher. Is there away to disable
them system wide? I don't know a lot about curl and I've tried searching
the net but couldn't really find much on it. Any suggestions are welcomed.

I'd like to add that I'm new to operating a server so please go easy on me!

Thanks!

Spork

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-users
FAQ: https://curl.haxx.se/docs/faq.html
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-07-15