Hardening Synology DSM SSL

written by Daniel Schep on 2013-02-05

Synology DSM 4.1 is vulnerable to the BEAST and Lucky Thirteen attacks out of the box. Both attacks target CBC-mode cipher suites, so preferring the RC4 stream cipher defeats them, along with any future attack that targets CBC mode. To fix this, update these two files:

/usr/syno/apache/conf/extra/httpd-alt-port-ssl-setting.conf
/usr/syno/apache/conf/extra/httpd-ssl.conf-common

Update them such that the line starting with SSLCipherSuite is replaced with these two lines:

SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH:!SSLv2

Restart Apache:

/usr/syno/etc/rc.d/S97apache-sys.sh restart
/usr/syno/etc/rc.d/S97apache-user.sh restart

Double check that no other Apache configs contain SSLCipherSuite options:

grep SSLCipher /usr/syno/apache/conf/extra/*
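As an added example (not from the original post), a POSIX sh script that applies the edit above to a config file while keeping a backup, then performs the final check across a whole config directory; it assumes sh, awk and grep are available, and the cipher string and file paths are the ones given in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the post's edit to an
# Apache SSL config (keeping a .bak copy) and verifies the result the way
# the post's final grep does. Assumes POSIX sh, awk and grep.

CIPHERS='RC4-SHA:HIGH:!ADH:!SSLv2'   # cipher string from the post

# Replace every SSLCipherSuite line in $1 with the post's two lines,
# emitting SSLHonorCipherOrder only once. Leaves the original at $1.bak.
harden_ssl_conf() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    cp "$f" "$f.bak" || return 1
    awk -v ciphers="$CIPHERS" '
        /^[[:space:]]*SSLCipherSuite[[:space:]]/ {
            if (!done) { print "SSLHonorCipherOrder On"; done = 1 }
            print "SSLCipherSuite " ciphers
            next
        }
        { print }
    ' "$f" > "$f.new" && mv "$f.new" "$f"
}

# Check every regular file under $1 (skipping .bak copies): a file that sets
# SSLCipherSuite must use only the expected string and must also set
# SSLHonorCipherOrder On. Lists offenders on stderr and returns non-zero.
check_ssl_confs() {
    dir="$1"; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.bak) continue ;; esac
        grep -q '^[[:space:]]*SSLCipherSuite[[:space:]]' "$f" || continue
        if grep '^[[:space:]]*SSLCipherSuite[[:space:]]' "$f" |
           grep -qv "^[[:space:]]*SSLCipherSuite[[:space:]]*$CIPHERS\$"; then
            echo "unexpected SSLCipherSuite in $f" >&2; rc=1
        fi
        if ! grep -qi '^[[:space:]]*SSLHonorCipherOrder[[:space:]]*on' "$f"; then
            echo "missing SSLHonorCipherOrder in $f" >&2; rc=1
        fi
    done
    return $rc
}

# Usage on DSM 4.1 (paths from the post):
#   for c in /usr/syno/apache/conf/extra/httpd-alt-port-ssl-setting.conf \
#            /usr/syno/apache/conf/extra/httpd-ssl.conf-common; do
#       harden_ssl_conf "$c"; done
#   check_ssl_confs /usr/syno/apache/conf/extra && echo OK
```

The RC4 preference reflects the 2013 threat picture; RC4 was later prohibited for TLS by RFC 7465, so on current DSM releases put an AEAD-based cipher string in CIPHERS instead of this one.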

Sources