httpd-bugs mailing list archives

Subject [Bug 60739] SSLProtocol settings seem to have no effect
Date Thu, 16 Mar 2017 11:36:54 GMT

--- Comment #6 from David Favor <> ---
The problem seems to be an interaction between the Cipher List + SSLProtocol.

Depending on the setting of the Cipher List, SSLProtocol seems to work or be ignored.

These settings disable TLSv1.0:

# support old Android phones
SSLProtocol All -SSLv2 -SSLv3 -TLSv1

# Force using custom cipher list
SSLHonorCipherOrder on

Define sslCiphers
Define sslCiphers
SSLCipherSuite ${sslCiphers}

Other sslCiphers settings cause SSLProtocol to be ignored.

I think the fix is either to have SSLProtocol cause a prune of sslCiphers
settings or, if there's a conflict between SSLProtocol + sslCiphers, then have
some sort of warning about the conflict.

All in all, the problem is far more complex than it appears on the surface.

For now, I'll resolve my situation by using the above settings.
