Disable cipher suites that do not offer authentication such as NULL cipher suites, NULL, or eNULL. No authentication makes them vulnerable to man-in-the-middle attacks.

You must also disable the anonymous Diffie-Hellman key exchange (ADH), export level ciphers (EXP, ciphers containing DES), key sizes smaller than 128 bits for encrypting payload traffic, the use of MD5 as a hashing mechanism for payload traffic, IDEA Cipher Suites, and RC4 cipher suites because they are all vulnerable to attacks.